Sephora customers, who have signed up for an online account on Sephora’s Malaysia website are among those affected by a regional data breach involving the cosmetic and beauty product retailer.
The breach, which was discovered a fortnight ago also affected customers from Australia, Hong Kong, Indonesia, New Zeland, the Philippines, Singapore as well as Thailand. Customer Data and Personal Information including First and Last Name, Date of Birth, Gender, Email Address, Encrypted password as well as ‘Beauty Preference’ are confirmed to have been compromised – after Sephora appointed independent experts to help investigate the breach.
The Company has also since confirmed that no credit card information has been compromised, and they have no reason to believe that any personal data has been misused.
Sephora has since reached out to all customers, notifying them of the data breach, as well as cancelling their passwords. Customers have been advised to immediately change their passwords. The obvious problem here – as it always is with most data breaches is that customers tend to reuse their passwords across multiple platforms and this immediately compromises their credentials across other platforms as well.
Aside from that, Sephora is also providing its customers, at no additional costs, a personal data monitoring service from Golbalidworks.com to ensure that their leaked data is not misused.