Sephora reports data breach, but few details

News by Doug Olenick

Sephora informed its online customers about a breach on 29 July, adding that no credit card information was involved nor has any of the data exposed been used in a malicious manner

High-end beauty product supply retailer Sephora is reporting a data breach affecting its customers in the South Pacific and Southeast Asia.

The chain sent an email to its online customers on 29 July detailing the incident. At this time the company does not believe any credit card information was involved nor that any of the data exposed has been used in a malicious manner, The Straits Timesreported. The information involved included first and last name, date of birth, gender, email address and encrypted password, and data related to beauty preferences.

The number of people affected was not released.

"Sephora customers in North America are not affected in any way by this incident. All our regional databases operate independently. This issue is limited to a different database which only serves our Southeast Asia, Hong Kong SAR and Australia/New Zealand e-commerce customers," a Sephora spokesperson told SC Media.

A hard reset of all passwords was conducted and free credit monitoring is being offered to those people involved, but this does not necessarily make customers safe.

"While Sephora has cancelled all existing passwords as an immediate first step, customers are inherently still at risk. The lasting impact is unknown and unfortunately, a staggering 59% of consumers admit to reusing the same password across multiple sites, even knowing the risks associated.

This could give cybercriminals access to various accounts for the same individual across multiple services, rendering their entire digital footprint incredibly vulnerable as a result," said Kevin Gosschalk, CEO, Arkose Labs.

This article was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews