Sephora has notified customers in the Asia-Pacific region who have online accounts that the cosmetics and beauty products retailer suffered a data breach, according to Malay Mail.

Customers reportedly received an email in which the company explained that an unauthorized third party had gotten access to the personal information of “some customers,” reportedly those in Australia, Hong Kong, Indonesia, Malaysia, New Zealand, the Philippines, Singapore and Thailand.

The exposed information included the users’ first and last name, date of birth, gender, email address, encrypted password and data related to “beauty preferences,” according to what Alia Gogi, managing director of Sephora Southeast Asia, reportedly wrote in an email.

Gogi added that no credit card information was accessed and that the company has “no reason to believe that any personal data has been misused,” the report said.

“It is a great challenge for many organizations to standardize their cybersecurity operations globally. Varying regulations for both security and privacy come into play, especially when dealing with an enterprise that operates around the globe,” said George Wrenn, founder and CEO of CyberSaint Security.

“This breakdown is why we see many large organizations flock to an integrated risk management (IRM) approach. IRM is allowing organizations to aggregate risk and compliance data from all business units and make smarter and more informed decisions. With the patchwork of regulations that are emerging around the world, cybersecurity leaders must be prepared to integrate their organizations to stay wholly aware of the posture of their organization.”

Fraudsters and cyber-criminals have easy access to customer data given the mega breaches of the past few years, and Kevin Gosschalk, CEO, Arkose Labs, said that each subsequent breach only adds to the available information on the dark web, creating a paradigm of fraudulent activity.

“These types of incidents provide cyber-criminals with the incentive and tools they need in order to commit ongoing, lucrative and easy fraud. In this case, the information hackers had access to, including encrypted passwords and email addresses, can now be weaponized in future account takeover (ATO) attacks. While Sephora has cancelled all existing passwords as an immediate first step, customers are inherently still at risk,” Gosschalk added.

“There is an ongoing onus on Sephora to safeguard its customers against future cybercrime associated with their password vulnerabilities. Our reality is that cybercrime is a well-funded and connected business where fraudsters have access to sophisticated tools and resources to launch attacks. This breach is yet another incident that provides them with the exact ammunition they need. The longer-term solution will come from eliminating the economic incentives behind these attacks through the use of integrated strategies that detect fraud in real time and block attacks from being successful.”

This post, written by Kacy Zurkus, originally appeared on Infosecurity Magazine.
