[BreachExchange] Sephora data breach hits Southeast Asia and ANZ customers

[Destry Winant]

https://www.zdnet.com/article/sephora-data-breach-hits-southeast-asia-and-anz-customers/

Sephora has emailed customers in the Southeast Asia region to inform
them it has discovered a breach that occurred within the last
fortnight.

"We understand how important your personal information is and value
the trust you place in us to protect it," the email penned by Sephora
SEA managing director Alia Gogi said.

"Over the last two weeks, we discovered a breach in data related to
some customers who have used our online services in Singapore,
Malaysia, Indonesia, Thailand, Philippines, Hong Kong SAR, Australia,
and New Zealand."

Sephora said some personal information may have been exposed to
unauthorised third parties, including first and last name, date of
birth, gender, email address, and encrypted password, as well as data
related to beauty preferences.

The company said that no credit card information was accessed, and the
email continued to say that Sephora has no reason to believe that any
personal data has been misused.

Once Sephora became aware of the incident, it said it immediately
appointed independent experts to help investigate. It said as soon as
it was able to verify the details of the incident, it notified
affected customers.

"We are sorry for any concern or inconvenience this may cause you,"
the email from Gogi said.

"As a precaution, we have cancelled all existing passwords for
customer accounts and have thoroughly reviewed our security systems.
We are also offering a personal data monitoring service, at no cost to
you, through a leading third-party provider."

Sephora recommends customers set up a new password and register for
the free personal data monitoring service.

"We would like to assure you that we will continue to take all
necessary steps to protect your privacy," it continued.

Those that shop in physical stores and do not use the company's online
services or mobile app are not impacted by this incident as it was
limited to a database that serves Sephora's Southeast Asia, Hong Kong
SAR, Australia, and New Zealand customers that use online services.