Cosmetics giant Rituals confirms data breach of customer membership records
Source: TechCrunch
Data Breach Overview
Netherlands‑based cosmetics giant Rituals has confirmed a data breach affecting customers’ personal information after hackers stole data from its membership database.
The company disclosed the breach on Wednesday via an email sent to customers that TechCrunch has viewed and verified.
Breached Data
Rituals said it identified an “unauthorized download” of members’ data in April. The stolen records included:
- Full name
- Date of birth
- Gender
- Postal and email address
- Phone number
- Preferred Rituals store
- Account type
Affected Regions
When reached by TechCrunch, Rituals spokesperson Eline van Malssen said the hacker stole membership data about customers in Europe and the United Kingdom. The spokesperson also confirmed that some affected customers are based in the United States.
Company Response
Rituals did not describe the nature of the cyberattack and said its investigation was underway to understand how the breach happened. A spokesperson declined to comment on whether the company received any communication from the hackers, to share a more precise timeline of the breach, or to provide the exact number of affected members, citing unspecified “security reasons.”
Context
The cosmetics giant is the latest retailer to have customer membership data stolen in the past year, following intrusions at U.K. grocery and shopping chain Co‑op and Marks & Spencer, among others. Customer records can be attractive targets for hackers who may steal the data and extort the company for a ransom in exchange for not publishing the information online.
Company Size
According to its website, Rituals has over 41 million customers in its membership database. The retail giant generated €2.4 billion ($2.8 billion) in revenue in 2025.