Sephora reports data breach, but few details

High-end beauty product supply retailer Sephora is reporting a data breach affecting its customers in the South Pacific and Southeast Asia.

The chain sent an email to its online customers on July 29 detailing the incident. At this time the company does not believe any credit card information was involved nor that any of the data exposed has been used in a malicious manner, The Straits Times reported. The information involved included first and last name, date of birth, gender, email address and encrypted password, and data related to beauty preferences.

The number of people affected was not released.

“Sephora customers in North America are not affected in any way by this incident. All our regional databases operate independently. This issue is limited to a different database which only serves our Southeast Asia, Hong Kong SAR and Australia/New Zealand e-commerce customers,” a Sephora spokesperson told SC Media.

A hard reset of all passwords was conducted and free credit monitoring is being offered to those people involved, but this does not necessarily make customers safe.

“While Sephora has cancelled all existing passwords as an immediate first step, customers are inherently still at risk. The lasting impact is unknown and unfortunately, a staggering 59% of consumers admit to reusing the same password across multiple sites, even knowing the risks associated. This could give cybercriminals access to various accounts for the same individual across multiple services, rendering their entire digital footprint incredibly vulnerable as a result,” said Kevin Gosschalk, CEO, Arkose Labs.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.