Sephora hit by data breach; Asia & A/NZ user passwords cancelled

30 Jul 2019
Beauty store Sephora is urging online customers across parts of Asia, Australia and New Zealand to change their passwords, after the company uncovered a data breach that potentially leaked customers’ personal information.

Sephora Southeast Asia says that during the past two weeks, the company discovered a breach related to some customers in Singapore, Malaysia, Indonesia, Thailand, the Philippines, Hong Kong SAR, Australia and New Zealand.

The breach potentially exposed personal information such as names, dates of birth, genders, email addresses, and encrypted passwords, as well as users’ beauty preferences.

The company is quick to point out that no credit card information was affected and that, so far, the breached data doesn’t seem to have been misused.

“As a precaution, we have cancelled all existing passwords for customer accounts and have thoroughly reviewed our security systems. Please change to a new password, if you have not already done so,” the company states.

The company is also offering registration for its personal data monitoring service, provided by Experian. The service provides identity monitoring so users can be notified if data matching their information is found on the internet and dark web. The service also offers restoration assistance in the case of identity theft.

Customers can use the unique code sent to them via email to register for the personal data monitoring service at http://www.globalidworks.com/identity1.

“This is an optional service, and you can choose which type of personal data you wish to monitor,” states Sephora.

Sephora is still investigating the cause of the breach with the help of ‘independent experts’.

“We understand how important your personal information is and value the trust you place in us to protect it,” the company states.

Sephora’s physical stores have not been affected by the breach. The company recently opened its first physical store in Auckland.

Sephora customers took to Twitter to voice their concerns:

"myiaerr @myiaerr
@Sephora seems to be taking the data breach lightly cos they believed after two weeks no less, PII “may” have been exposed. So does it mean you don’t know? You’re pretty sure no cc info was tampered with but your apology email is vague AF. #SephoraSEA #databreach."

"jess jackson @lainemaree
Anyone else just sigh when they open their email to discover another company has had a data breach? At least Sephora has given people a free membership to an internet surveillance provider."