- Rituals confirmed a cyber attack in April that exposed customer data from its “My Rituals” membership program.
- Stolen information includes names, contact details, dates of birth and addresses, although passwords and payment data were not accessed.
- The company launched a forensic investigation, notified affected users and reported the incident to authorities with no evidence of public leaks so far.
Global cosmetics powerhouse Rituals suffered a cyber attack in which it lost personally identifiable data (PII) belonging to its customers.
In a security notice published on its website, Rituals said it identified an unauthorized download of a portion of its members’ data. The attack, which took place in April this year, was stopped as soon as the company noticed it, it said, without giving a more precise timeline of events.
Before the crooks were evicted, they managed to steal people’s full names, email addresses, phone numbers, dates of birth, gender and postal addresses.
The article continues below
No attribution
Although passwords and payment information were not accessed, this type of information is more than enough to launch very convincing phishing emails that can lead to ransomware attacks, fraudulent bank transfers, identity theft and other more serious cybercrimes.
“We have initiated an in-depth forensic investigation to understand how this happened and what measures we can take to prevent a similar incident in the future,” Rituals said in the release. “We have also reported it to the appropriate authorities.” Customers whose data was accessed have also been notified by email and warned to be on the lookout for incoming communications claiming to be from the company.
The organization did not say who was behind the attack or whether the threat actors tried to blackmail it in exchange for deleting the files. It says there is currently no evidence that the data is publicly available.
According to Bleeping Computerthe incident affects the company’s “My Rituals” member database, which has more than 41 million members. The same publication also says that today there were no threat actors claiming responsibility for the incident.
Rituals has more than 12,000 employees worldwide and operates more than 1,400 retail stores and more than 4,800 luxury perfumeries in 33 countries.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
