Dutch cosmetic powerhouse Rituals confirms breach and stolen data from 'My Rituals' membership database

  • Rituals confirmed a cyberattack in April that exposed customer data from its “My Rituals” membership program.
  • Stolen information includes names, contact details, birth dates, and addresses, though passwords and payment data were not accessed.
  • The company launched a forensic investigation, notified affected users, and reported the incident to authorities, with no evidence of public leaks so far.

Global cosmetics powerhouse Rituals suffered a cyberattack in which personally identifiable information (PII) belonging to its customers was stolen.

In a security notice published on its website, Rituals said it identified an unauthorized download of part of its members’ data. The attack, which took place in April this year, was stopped as soon as the company noticed it, the company said, without giving a more precise timeline of events.

Before the crooks were ousted, they managed to steal people’s full names, email addresses, phone numbers, dates of birth, genders, and postal addresses.

No attribution

While passwords and payment information were not accessed, the stolen data is more than enough to craft highly convincing phishing emails, which can lead to ransomware attacks, fraudulent wire transfers, identity theft, and other forms of more serious cybercrime.

“We have initiated an in-depth forensic investigation to understand how this happened and what measures we can take to prevent a similar incident in the future,” Rituals said in the notice. “We have also reported it to the relevant authorities.” Customers whose data was accessed have also been notified via email and warned to be on the lookout for incoming communications claiming to come from the company.

The organization did not say who was behind the attack, or if the threat actors tried to extort it in exchange for deleting the files. It says that there is currently no evidence of the data being publicly available.

According to BleepingComputer, the incident affects the company’s "My Rituals" membership database, which has more than 41 million members. The same publication also says that as of today, no threat actors have claimed responsibility for the incident.

Rituals counts more than 12,000 employees worldwide and operates more than 1,400 retail boutiques and more than 4,800 luxury perfumeries in 33 countries.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
