YKGI, the parent company of Chicha San Chen in Taiwan, has reported a cyber-security incident involving its customer relationship management system to the Singapore Exchange. The breach exposed names, mobile numbers, emails, and encrypted passwords of members. It occurred when unauthorized access was gained through a shared server operated by an external vendor.
The incident specifically targeted the CHICHA San Chen membership database. Immediate measures were taken by the vendor to patch the server vulnerability upon discovery. YKGI has notified the Personal Data Protection Commission and assured that the leaked passwords are encrypted, although the encryption method was not specified.
In response to the breach, YKGI advises all Chicha San Chen members to promptly change their login passwords. This precautionary step extends to passwords reused across other platforms. The breach was flagged when member data appeared for sale on a hacker’s forum on June 5, as reported by the Straits Times in Singapore.
Reference:
