Request Demo

Sephora has notified customers in the Asia-Pacific region who have online accounts that the cosmetics and beauty products retailer suffered a data breach, according to Malay Mail.

Customers reportedly received an email in which the company explained that an unauthorized third party had gotten access to the personal information of “some customers,” reportedly those in Australia, Hong Kong, Indonesia, Malaysia, New Zealand, the Philippines, Singapore and Thailand.

The exposed information included the users’ first and last name, date of birth, gender, email address, encrypted password and data related to “beauty preferences,” according to what Alia Gogi, managing director of Sephora Southeast Asia, reportedly wrote in an email.

Additionally, Gogi added that no credit card information was accessed and the company has “no reason to believe that any personal data has been misused,” the report said.

"It is a great challenge for many organizations to standardize their cybersecurity operations globally. Varying regulations for both security and privacy come into play, especially when dealing with an enterprise that operates around the globe,” said George Wrenn, founder and CEO of CyberSaint Security.

“This breakdown is why we see many large organizations flock to an integrated risk management (IRM) approach. IRM is allowing organizations to aggregate risk and compliance data from all business units and make smarter and more informed decisions. With the patchwork of regulations that are emerging around the world, cybersecurity leaders must be prepared to integrate their organizations to stay wholly aware of the posture of their organization."

Fraudsters and cyber-criminals have easy access to customer data given the mega breaches of the past few years, and Kevin Gosschalk, CEO, Arkose Labs, said that each subsequent breach only adds to the available information on the dark web, creating a paradigm of fraudulent activity.

“These types of incidents provide cyber-criminals with the incentive and tools they need in order to commit ongoing, lucrative and easy fraud. In this case, the information hackers had access to, including encrypted passwords and email addresses, can now be weaponized in future account takeover (ATO) attacks. While Sephora has cancelled all existing passwords as an immediate first step, customers are inherently still at risk,” Gosschalk added.

"There is an ongoing onus on Sephora to safeguard its customers against future cybercrime associated with their password vulnerabilities. Our reality is that cybercrime is a well-funded and connected business where fraudsters have access to sophisticated tools and resources to launch attacks. This breach is yet another incident that provides them with the exact ammunition they need. The longer-term solution will come from eliminating the economic incentives behind these attacks through the use of integrated strategies that detect fraud in real time and block attacks from being successful.”

This post, written by Kacy Zurkus originally appeared on Infosecurity Magazine

You may also like

CyberSaint Releases New California ...
on September 6, 2019

CyberSaint Security, the leading cybersecurity software firm powering automated, intelligent compliance and risk management, today announced the availability of the new California ...

What NIST’s Cybersecurity ...
on September 6, 2019

The risk of your business falling victim to cybercrime has never been higher. Despite a seemingly endless parade of high profile data breaches, ransomware attacks, and phishing ...

Aliznet exposed database leaks ...
on September 6, 2019

Personal information on customers of French retail consultancy Aliznet were exposed through an unprotected Elasticsearch server. “The most sensitive leaked data involves [2.5 ...

CyberSaint Releases New California ...
on September 6, 2019

BOSTON--(BUSINESS WIRE)--CyberSaint Security, the leading cybersecurity software firm powering automated, intelligent compliance and risk management, today announced the ...

IBM-Ponemon Study Highlights ...
on August 19, 2019

Around the world, the cost of a data breach continues to rise, according to the latest annual report conducted by the Ponemon Institute and sponsored by IBM Security. As the 2019 ...

Sephora Warns Users of Data Breach
on July 31, 2019

Sephora has notified customers in the Asia-Pacific region who have online accounts that the cosmetics and beauty products retailer suffered a data breach, according to Malay Mail. ...