Cosmetics giant Rituals discloses data breach affecting customers
Source: Bleeping Computer
Data Breach Overview
Dutch cosmetics giant Rituals disclosed that attackers accessed personal information from its “My Rituals” membership database. The breach was discovered earlier this month after the company was alerted to unauthorized downloads of members’ data. Rituals has reported the incident to the relevant authorities and has blocked the attackers’ access. No evidence has been found that the stolen information has been leaked online.
Information Stolen
According to Rituals, the compromised data may include:
- Full name
- Email address
- Phone number
- Date of birth
- Gender
- Home address
The company confirmed that no passwords or payment information were accessed.
Source: Rituals FAQ
Company Response
- An in‑depth forensic investigation has been launched to determine the cause and prevent future incidents.
- Affected customers have been notified directly.
- The breach has been reported to the relevant authorities.
- No attribution details or communications with the unauthorized party have been disclosed.
TechCrunch first reported the incident and noted that some U.S. customers were also notified.
Source: TechCrunch article
Impact and Scope
- The breach affects members of the My Rituals loyalty program, which offers exclusive rewards, gift‑with‑purchase benefits, and birthday gifts.
- Rituals has not disclosed the exact number of affected customers.
- The program reportedly has over 41 million members.
Source: Rituals business highlights
Company Background
- Founded in 2000 in Amsterdam, Netherlands.
- Over 12,000 employees worldwide.
- Reported €2.4 billion in revenue for 2025.
- Operates more than 1,400 retail boutiques and roughly 4,800 luxury perfumeries and department stores across 33 countries.
Update April 23, 10:16 EDT: Added Rituals statement.