- Rituals confirmed a cyberattack in April that exposed customer data from its “My Rituals” membership program.
- Stolen information includes names, contact details, birth dates, and addresses, though passwords and payment data were not accessed.
- The company launched a forensic investigation, notified affected users, and reported the incident to authorities, with no evidence of public leaks so far.
Global cosmetics powerhouse Rituals suffered a cyberattack in which it lost personally identifiable data (PII) belonging to its customers.
In a security notice published on its website, Rituals said it identified an unauthorized download of a part of its’ members’ data. The attack, which took place in April this year, was stopped as soon as the company noticed it, it said, without giving a more precise timeline of events.
Before the crooks were ousted, they managed to steal people’s full names, email addresses, phone numbers, dates of birth, genders, and postal addresses.
Article continues below
No attribution
While passwords and payment information was not accessed, this type of information is more than enough to launch highly convincing phishing emails, which can lead to ransomware attacks, fraudulent wire transfers, identity theft, and other forms of more serious cybercrime.
“We have initiated an in-depth forensic investigation to understand how this happened and what measures we can take to prevent a similar incident in the future,” Rituals said in the notice. “We have also reported it to the relevant authorities.” Customers whose data was accessed have also been notified via email and warned to be on the lookout for incoming communications claiming to come from the company.
The organization did not say who was behind the attack, or if the threat actors tried to extort it in exchange for deleting the files. It says that there is currently no evidence of the data being publicly available.
According to BleepingComputer, the incident affects the company’s “My Rituals” membership database, which has more than 41 million members. The same publication also says that as of today, no threat actors claimed responsibility for the incident.
Rituals counts more than 12,000 employees worldwide and operates more than 1,400 retail boutiques and more than 4,800 luxury perfumeries in 33 countries.
Via BleepingComputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
https://cdn.mos.cms.futurecdn.net/VGPtSi99Vy7pCWeNLEcT5c-2560-80.jpg
Source link
