Sephora Suffered Data Breach Targeting Customers From Southeast Asia, Australia, and New Zealand

Another day, another breach. This time, the victim is the French beauty and personal care brand Sephora. As the firm itself has confirmed, Sephora suffered a data breach that compromised customers’ personal data. The breach affected customers in specific regions, predominantly Southeast Asia.

Sephora Confirmed Data Breach

Reportedly, the Paris-based beauty brand has confirmed a cyber attack on its systems. According to ZDNet, Sephora suffered the breach over the past two weeks.

The incident came to light after Sephora’s MD for Southeast Asia informed some customers about the matter via email. As revealed, the company faced a cyber intrusion that affected some of its customers. Most victims are from Southeast Asia, Australia, and New Zealand, along with customers from some other countries. As stated in the email from Alia Gogi, Sephora SEA MD:

“Over the last two weeks, we discovered a breach in data related to some customers who have used our online services in Singapore, Malaysia, Indonesia, Thailand, Philippines, Hong Kong SAR, Australia, and New Zealand.”

The firm suspects that the incident may have exposed customers’ personal information to the attackers. The leaked details may include full names, gender, birth dates, email addresses, encrypted passwords, and some information about the customers’ beauty preferences.

Nonetheless, Sephora assured customers that the incident did not affect any payment data.

Customers To Reset Passwords

Upon noticing the breach, Sephora quickly took measures to contain the attack and launched an investigation. The company then informed customers of the incident after verifying it.

The data breach has only affected customers who shop online. Those dealing with the brand via physical stores remain unaffected. While the company does not believe the breached data has been misused, it still reset customers’ passwords out of caution.

“As a precaution, we have cancelled all existing passwords for customer accounts and have thoroughly reviewed our security systems.”

Moreover, the company is also offering a free personal data monitoring service.

“We are also offering a personal data monitoring service, at no cost to you, through a leading third-party provider.”
