Rituals, a prominent name in the luxury cosmetics sector, recently confirmed a data breach that has impacted its My Rituals loyalty program members. This breach, occurring earlier this month, involved unauthorized access and download of specific member data.
Details of the Data Breach
Upon discovering the breach, Rituals took swift action to halt the unauthorized access. According to a statement shared with SecurityWeek, the company has successfully contained the situation and is in the process of notifying affected members directly. The compromised data potentially includes names, addresses, phone numbers, email addresses, dates of birth, and gender of customers.
Importantly, Rituals reassured members that no passwords or payment information were exposed during the incident. The company has launched an extensive forensic investigation to identify the breach’s root causes and to reinforce its security measures to prevent future occurrences. Moreover, this incident has been reported to the appropriate authorities for further examination.
Impact and Response
While Rituals has not disclosed the specific number of affected individuals, it is notable that the company boasts over 40 million My Rituals members globally. For security reasons, details regarding the perpetrators and any potential extortion attempts have not been disclosed. At this time, no known ransomware or extortion groups have taken responsibility, and there is no evidence of the stolen data being publicly leaked.
In a message to its customers, Rituals emphasized that the breach is contained and no immediate action is required from them. However, they advise vigilance against phishing attempts, reminding customers to be cautious of suspicious communications.
Company Profile and Future Steps
Rituals, headquartered in Amsterdam, Netherlands, is a leading provider of luxury home and body cosmetics, with a presence in over 25 countries through its online platform and more than 1,170 retail locations and 4,200 shop-in-shops. The company is committed to maintaining high standards of data protection and privacy for its customers.
Going forward, Rituals plans to enhance its security infrastructure and practices to safeguard its customer data more effectively. The company remains focused on transparency and customer protection as it navigates this cybersecurity challenge.
