- Rituals confirmed a cyberattack in April that exposed customer data from its “My Rituals” membership program.
- The stolen information includes names, contact details, dates of birth and addresses, although passwords and payment data were not accessed.
- The company launched a forensic investigation, notified affected users, and reported the incident to authorities, with no evidence of a public leak so far.
Rituals, a global cosmetics giant, suffered a cyberattack in which it lost personally identifiable information (PII) belonging to its customers.
In a security advisory posted on its website, Rituals said it had identified an unauthorized download of some of its members’ data. The attack, which took place in April this year, was stopped as soon as the company became aware of it, it said, without giving a more precise timeline of events.
Before the scammers were ousted, they managed to steal people’s full names, email addresses, phone numbers, dates of birth, genders and postal addresses.
Article continues below
No attribution
Even if passwords and payment information were not accessed, this type of information is more than enough to launch very convincing phishing emails, which can lead to ransomware attacks, fraudulent wire transfers, identity theft, and other more serious forms of cybercrime.
“We have launched a thorough forensic investigation to understand how this happened and what steps we can take to avoid a similar incident in the future,” Rituals said in the notice. “We have also reported this to the relevant authorities.” Customers whose data was accessed were also notified by email and warned to be on the lookout for incoming communications claiming to be from the company.
The organization did not say who was behind the attack, or whether the malicious actors attempted to extort it in exchange for removing the files. It says there is currently no evidence that the data is publicly available.
According to BeepComputerThe incident affects the company’s “My Rituals” membership database, which has more than 41 million members. The same publication also states that to date, no threat actor has claimed responsibility for the incident.
Rituals has more than 12,000 employees worldwide and operates more than 1,400 retail boutiques and more than 4,800 luxury perfumeries in 33 countries.
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
