SINGAPORE: Personal details of Sephora’s online customers in Singapore, Malaysia, Indonesia, Thailand, the Philippines, Hong Kong, Australia and New Zealand have been leaked, the international beauty retailer said on Monday (Jul 29).
Sephora said in a notice to customers that the data breach, which involved “some customers”, had resulted in the exposure of personal information to unauthorised third parties.
Sephora did not elaborate on the number of users affected.
The personal information compromised includes the user’s first and last name, date of birth, gender, email address, encrypted password, as well as data related to beauty preferences.
“Please be reassured that no credit card information was accessed, and we have no reason to believe that any personal data has been misused,” it added.
A screenshot of an email sent out to Sephora online users, Jul 29, 2019.
Managing director for Sephora Southeast Asia, Alia Gogi said in an email to customers that all existing passwords for customer accounts have been cancelled as a precaution.
“We are also offering a personal data monitoring service, at no cost to you, through a leading third-party provider,” she added.
The French beauty giant also said that it has “thoroughly reviewed” its security systems.
Sephora’s online users are advised to change their password if they have not already done so. They should also register for the personal data monitoring service online by Nov 30.
None of the physical stores were affected, said the cosmetic retailer on its frequently asked questions page.
“The security incident was limited to a database serving our Southeast Asia, Hong Kong SAR and Australia/New Zealand customers who used our online services,” Sephora stated, adding that it was safe for customers to continue using its website and mobile app.
The company also said it detected the data breach “over the last two weeks” and immediately appointed independent experts to investigate. Affected customers were notified as soon as the details of the incident had been verified.
