Sephora data breach impacts Southeast Asia customers

A Sephora data breach has been confirmed, spanning customers from Hong Kong across Southeast Asia and into Australasia.

The LVMH-owned company has emailed online customers who may have been affected confirming some of their data may have been accessed and copied.

The international beauty retailer said an unknown number of customers have been affected in territories including Hong Kong, Singapore, Malaysia, Indonesia, Thailand, the Philippines, New Zealand and Australia. Stores were not affected with the compromised data relating only to people using the brand’s online services in the region.

The firm sent an email out to its users on Monday explaining that the breach had become apparent over the course of the past fortnight.

“Some personal information may have been exposed to unauthorised third parties,” said the email signed by Sephora’s MD Southeast Asia Alia Gogi, “including first and last name, date of birth, gender, email address and encrypted password, as well as data related to beauty preferences.”

An email sent to Singapore customers affected by the Sephora data breach.

The email (pictured above) explaining the Sephora data breach stated that credit-card information does not appear to have been accessed and that personal data had not been misused.

The firm has responded by resetting all existing passwords and conducting a full security review, as well as offering customers a free personal monitoring service, available via a unique code and sign-up link directing users to a third party solutions provider.

What’s next?

A Sephora spokesperson told Inside Retail the company had engaged with independent experts to investigate the incident, and concluded that no major vulnerability was found in the company’s website – nor did they find any trace of a cyber attack.

Additionally, the brand has reviewed its security, having implemented a high level of monitoring and alerting for further unusual activity, implemented 2-factor authentication for all privileged systems, validated its security plan with internal and external security auditors, and has had a third-party independent from its external security experts perform a penetration test on its security.

This story first appeared on sister site Inside Retail Asia.

Comments

Comment Manually

I have read and agree to the Terms and Conditions and Privacy Policy.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inside Retail Polls

Do you plan to participate in Halloween this year?
Vote

Twitter

Do you enjoy receiving our daily Newsbriefs, weekly publications, quarterly magazines and attending our Academy eve… https://t.co/JdcO4xcwOH

3 weeks ago

Know an outstanding retailer supplier? Nominate them for the 2020 Retailer Awards: https://t.co/HsvxfGp6aK #RA20https://t.co/FsSnykknRF

4 weeks ago

Do you know any retailer with exceptional customer experience? Nominate them at 2020 Retailer Awards:… https://t.co/Tc3DDjJbFV

1 month ago
x

SUBSCRIBE
FREE NEWS BRIEFS Get breaking news delivered

Privacy Preference Center