Sephora data breach impacts Southeast Asia customers

A Sephora data breach has been confirmed, spanning customers from Hong Kong across Southeast Asia and into Australasia.

The LVMH-owned company has emailed online customers who may have been affected confirming some of their data may have been accessed and copied.

The international beauty retailer said an unknown number of customers have been affected in territories including Hong Kong, Singapore, Malaysia, Indonesia, Thailand, the Philippines, New Zealand and Australia. Stores were not affected with the compromised data relating only to people using the brand’s online services in the region.

The firm sent an email out to its users on Monday explaining that the breach had become apparent over the course of the past fortnight.

“Some personal information may have been exposed to unauthorised third parties,” said the email signed by Sephora’s MD Southeast Asia Alia Gogi, “including first and last name, date of birth, gender, email address and encrypted password, as well as data related to beauty preferences.”

An email sent to Singapore customers affected by the Sephora data breach.

The email (pictured above) explaining the Sephora data breach stated that credit-card information does not appear to have been accessed and that personal data had not been misused.

The firm has responded by resetting all existing passwords and conducting a full security review, as well as offering customers a free personal monitoring service, available via a unique code and sign-up link directing users to a third party solutions provider.

What’s next?

A Sephora spokesperson told Inside Retail the company had engaged with independent experts to investigate the incident, and concluded that no major vulnerability was found in the company’s website – nor did they find any trace of a cyber attack.

Additionally, the brand has reviewed its security, having implemented a high level of monitoring and alerting for further unusual activity, implemented 2-factor authentication for all privileged systems, validated its security plan with internal and external security auditors, and has had a third-party independent from its external security experts perform a penetration test on its security.

This story first appeared on sister site Inside Retail Asia.

Comments

Comment Manually

I have read and agree to the Terms and Conditions and Privacy Policy.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inside Retail Polls

Is the US-China trade war having an impact on your business?
Vote

Twitter

#AlceonGroup announce first Victorian @Lego_Group store to open in @WestfieldAU Doncaster #retail https://t.co/qMfYJp5WFM

4 days ago

Almost half of online marketplace @Kogan gross profit for FY19 came from its private label offering #retail #onlinehttps://t.co/lLwhKBnVp2

5 days ago

Talks of a merger between @OZretailers and @retailaustralia have come to a close, with the parties failing to align… https://t.co/hkqHyDsBkr

2 weeks ago
x

SUBSCRIBE
FREE NEWS BRIEFS Get breaking news delivered