Skip to main content

Advertisement

Advertisement

Sephora’s online customers in SE Asia told to change passwords after data breach

SINGAPORE — Sephora’s customers who have online accounts with the cosmetics and beauty products retailer were alerted on Monday (July 29) to a data breach discovered by the company in the last fortnight.

Some online shoppers in Australia, Hong Kong, Indonesia, Malaysia, New Zealand, the Philippines, Singapore and Thailand who use beauty products retailer Sephora's mobile application and website have been affected by a data leak.

Some online shoppers in Australia, Hong Kong, Indonesia, Malaysia, New Zealand, the Philippines, Singapore and Thailand who use beauty products retailer Sephora's mobile application and website have been affected by a data leak.

Follow TODAY on WhatsApp

SINGAPORE — Sephora’s customers who have online accounts with the cosmetics and beauty products retailer were alerted on Monday (July 29) to a data breach discovered by the company in the last fortnight.  

In an email sent out to its customers in the Asia-Pacific region, including Singapore, Sephora said that personal information of "some customers" has been exposed to unauthorised third parties.

Ms Alia Gogi, managing director of Sephora South-east Asia, said in the email that the leaked information included the users’ first and last name, date of birth, gender, email address, encrypted password as well as data related to “beauty preferences”.

No credit card information was accessed, she stressed, adding that the company has “no reason to believe that any personal data has been misused”.

The security incident affected online account holders in Australia, Hong Kong, Indonesia, Malaysia, New Zealand, the Philippines, Singapore and Thailand.

Ms Gogi apologised to customers and said that the company has taken precautionary measures such as cancelling all existing passwords for customer accounts and “thoroughly reviewing” its security systems.

All online users are advised to change their passwords if they have not already done so.

“We are also offering a personal data monitoring service, at no cost to you, through a leading third-party provider,” Ms Gogi said.

Those who would like to register for the personal data monitoring service can do so online by Nov 30.

On its website, Sephora stated that none of its physical stores are unaffected. The data breach was limited to a database serving its South-east Asia, Hong Kong, Australia and New Zealand customers who used its online services and mobile application.

It also stated that it “immediately appointed independent experts” to help investigate the breach, and notified affected customers as soon as it was able to verify the details of the incident. It is still investigating the extent of the data leak.

Founded in France, Sephora has close to 2,000 stores in about 30 markets selling cosmetics, skincare, fragrance, beauty tools, personal and hair care products.

Its website stated that it has an expanding base of more than 200 stores across the Asia-Pacific region including Australia, China, India, Indonesia, Malaysia, Singapore and Thailand.

It is owned by French luxury goods conglomerate LVMH.

Related topics

Sephora data breach data leak cyber security online shopping app

Read more of the latest in

Advertisement

Advertisement

Stay in the know. Anytime. Anywhere.

Subscribe to get daily news updates, insights and must reads delivered straight to your inbox.

By clicking subscribe, I agree for my personal data to be used to send me TODAY newsletters, promotional offers and for research and analysis.