France’s Sephora has flagged a large-scale data breach, revealing that the personal information and passwords of the cosmetic retailer’s Asia Pacific customers have been exposed to an “unauthorised third party.”
The LVMH-owned beauty brand could not confirm how many shopping accounts had been compromised, but it is estimated that 3.7 million accounts have been hit.
Hackers reportedly gained access to APAC shoppers’ personal information including
names, genders, birth dates, email addresses, encrypted passions, and shopping preferences.
Sephora said it has not identified who the third party is, but claims it has “no reason to believe that any personal data has been misused.”
It also claims that “no credit card information was accessed” by the third party.
“The external independent experts we engaged to investigate concluded that no major
vulnerability was found on Sephora SEA’s websites, nor did they find any traces of a
cyberattack,” the company said.
The countries affected by the breach, which was said to have taken place in May, are Australia, Singapore, Malaysia, Indonesia, Thailand, the Philippines, Hong Kong, and New Zealand.
Earlier this year, Sephora announced that it would be making its brick-and-mortar
comeback in Hong Kong, adding to its previously opened stores in China, Singapore, Thailand, Australia and Malaysia, and franchises in India and Indonesia.
The Paris-based beauty retailer Sephora most recently opened the doors of it first store in New Zealand last month.
As of December 2018, Sephora operates via a global network of 2,500 stores in some 30