Data breach hits F&B operator YKGI

Singaporean F&B group YKGI, which operates brands such as CHICHA San Chen, Yew Kee Duck Rice, and Kampung Kopi House, has been hit with a cyberattack, CEO and Executive Director Seah Qin Quan said in a June 19 bourse filing. 

The data breach occurred with the company’s customer relationship management (CRM) platform, which is operated by a third-party vendor. The hacker got hold of one of the vendor’s shared servers, and was able to access the CHICHA San Chen membership database stored there. 

Following investigation conducted by the vendor, the leaked data consists of personal information of CHICHA San Chen members, such as names, mobile numbers, email addresses, and encrypted login passwords.

YKGI said it has already reported the incident to the Personal Data Protection Commission, while the vendor immediately patched the server vulnerability.

Meanwhile, YKGI already began informing people whose data had been affected, and urged members to replace their existing passwords. The company also said it will initiate a thorough review of the incident to ensure that data entrusted to the vendor remains safe and secure. 

The YKGI data breach comes on the heels of several high-profile cyberattacks in Singapore, such as Jumbo Group, Mustafa, Shook Lin & Bok, and the Ministry of Education. The Cyber Security Agency of Singapore has issued guidelines to strengthen companies’ cybersecurity posture, including the use of multi-factor authentication (MFA) and implementing network segmentation.