Dutch cosmetics massive Rituals disclosed an information breach after attackers stole the non-public knowledge of an undisclosed collection of shoppers from its “My Rituals” club database.
The corporate printed the protection incident in a Wednesday realize, announcing that the breach was once came upon previous this month after it was once alerted to unauthorized downloads of its participants’ knowledge.
Rituals has notified related government of the incident and has since contained the breach by way of blocking off the attackers’ get entry to. It additionally added that it has but to seek out proof that the stolen knowledge has been leaked on-line.
“The non-public knowledge concerned (to the level you might have shared it with us) might come with complete title, e-mail cope with, telephone quantity, date of start, gender, house cope with. We will be able to ascertain that no passwords or fee knowledge have been accessed,” Rituals stated.
“We now have initiated an in-depth forensic investigation to know how this took place and what measures we will be able to take to forestall a identical incident at some point. We now have additionally reported it to the related government.”
The corporate says the knowledge breach impacts participants of its My Rituals loyalty program, which provides unique rewards, gift-with-purchase advantages, and birthday items.
Whilst a Rituals spokesperson did not percentage what number of shoppers were suffering from this knowledge breach, the corporate says its My Rituals has over 41 million participants. TechCrunch, which first reported the incident, stated Rituals additionally notified some shoppers in the US.
“We now have knowledgeable affected shoppers at once and feature reported the incident to the related government,” the spokesperson additionally instructed BleepingComputer when requested for extra main points. “For safety causes, we’re now not in a position to percentage additional main points on attribution or touch upon any possible communications with the unauthorised celebration.”
Rituals has additionally but to reveal the character of the cyberattack, and no cybercrime teams or risk actors have claimed duty for the breach.
Based in 2000 in Amsterdam, Netherlands, Rituals now has over 12,000 staff international and reported €2.4 billion in income in 2025. Rituals additionally operates greater than 1,400 retail boutiques and simply over 4,800 luxurious perfumeries and division retail outlets throughout 33 international locations.
Replace April 23, 10:16 EDT: Added Rituals commentary.
AI chained 4 zero-days into one exploit that bypassed each renderer and OS sandboxes. A wave of latest exploits is coming.
On the Independent Validation Summit (Might 12 & 14), see how self sustaining, context-rich validation unearths what is exploitable, proves controls dangle, and closes the remediation loop.
Declare Your Spot
