So I got this email from Subway as I registered and used their app one or twice. The mail was very vauge. To me, it seemed like their systems had either been hacked or they realised the stored data was not probably encrypted.
This is probably one of the reasons I use a password manager for security, so I can set individual passwords for each site I use. That way, if there is an issue with one site, I don’t have to change the 500+ passwords I have stored in my vault.