Some customers of beauty retailer Sephora received an email on 29 July, informing them of a data breach the company discovered “over the last two weeks”.
Customers who have used Sephora’s online services in Singapore, Malaysia, Indonesia, Thailand, Philippines, Hong Kong, Australia and New Zealand, may have been affected.
According to the email from Sephora SEA Managing Director Alia Gogi, some personal information “including first and last name, date of birth, gender, email address and encrypted password, as well as data related to beauty preferences” may have been exposed to unauthorised third parties.
However, she assured customers that no credit card information was accessed, and said they have “no reason to believe that any personal data has been misused”.
It was not stated how many customers were affected by the breach.
If you find that your password has been reset when you try to sign into your Sephora account, this is part of the company’s response as they review their security systems.
On top of cancelling all existing passwords, Sephora is also offering a personal data monitoring service from a “leading third-party provider” to users for free.
They advise all customers to take the first line of defence and change their passwords (at the very least), and to consider registering for the personal data monitoring service.
Sephora has notified Singapore’s Personal Data Protection Commission about the breach, and it is currently carrying out investigations.
A spokesperson from Sephora Southeast Asia also told Straits Times that the company has engaged some cyber security experts.
They found no traces of a cyber attack, and “no major vulnerabilities” on Sephora’s online stores.
Featured Image Credit: Altavia