Dutch cosmetics company Rituals disclosed a data breach after attackers exfiltrated personal information from its My Rituals membership database. The company says no passwords or payment data were accessed, it has blocked the attackers, notified authorities and affected customers, and is conducting a forensic investigation. #Rituals #MyRituals
Keypoints
- Attackers downloaded personal data from the My Rituals loyalty database.
- Potentially exposed fields include full name, email, phone number, date of birth, gender, and home address.
- Rituals confirmed that no passwords or payment information were accessed.
- The company has blocked attacker access, notified relevant authorities, and informed affected customers.
- Rituals has not disclosed the number of affected members or identified any responsible threat actor, despite the program having over 41 million members.