Sephora has revealed that a data breach might have exposed the personal information of customers based in Southeast Asia, Australia and New Zealand.
On 29 July, the multinational chain of personal care and beauty stores sent out a notice announcing that a digital security incident had potentially infected the personal information of customers based in Singapore, Malaysia, Indonesia, Thailand, Philippines, Hong Kong SAR, Australia and New Zealand. These pieces of data included customers’ names, dates of birth, email addresses, genders, encrypted passwords and beauty preference data.
As of this writing, it’s unclear from the notice how many customers the data breach might have affected.
The company didn’t find any evidence of the security incident having compromised customers’ credit card information. Nor did it uncover any indicators that bad actors had misused those details.
These discoveries notwithstanding, Sephora disclosed its intention to help customers protect themselves going forward. As quoted in its notice:
We are sorry for any concern or inconvenience this may cause you. As a precaution, we have cancelled all existing passwords for customer accounts and have thoroughly reviewed our security systems. We are also offering a personal data monitoring service, at no cost to you, through a leading third-party provider.
The beauty store multinational chain recommends that customers who might have fallen victim to this data breach register for the personal data monitoring service at Experian IdentityWorks Global. These customers should also make a point of creating a strong password for their accounts. Towards that end, they should follow these expert recommendations.
Based on the types of information potentially exposed, Sephora customers should also take some additional steps to defend themselves against identity thieves. This resource is a great place to start.
Customers can learn more about the Sephora data breach by visiting sephora.sg/wecare and reaching out to customer support.