The French retailer announced it discovered a data breach at the end of July, two weeks after it happened, according to The Independent. The personal information of the customers from Singapore, Indonesia, Malaysia, Thailand, Hong Kong, the Philippines, Australia and New Zealand were compromised.
According to Sephora’s officials, the information that the exposed information included the first and last name of customers, their birth dates, gender, email addresses, encrypted passwords and data regarding “beauty preferences”. As a result, customers are advised to change their passwords immediately.
According to Alia Gogi, managing director for Sephora Southeast Asia, there was no breach in credit card information. She mentioned that the company has “no reason to believe any personal data has been misused”. The company mentioned that “as a precaution, we have cancelled all existing passwords for customer accounts and have thoroughly reviewed our security systems”. Gogi is calling for Sephora online account holders to change their passwords while indepdendent experts have been hired to investigate the breach. “We are also offering a personal data monitoring service, at no cost to you, through a leading third-party provider,” she said.
Any user can register for the personal data monitoring service, which will be available until 30 Nov, but it is only available to selected countries.
According to the company, the breach was limited to a database that serves Sephora’s Southeast Asia, Hong Kong SAR, Australia, and New Zealand customers that use online services.