Netherlands-based cosmetics giant Rituals has confirmed a data breach affecting customers’ personal information after hackers stole large amounts of data from the company’s member database.
The company disclosed the breach on Wednesday, according to an email sent to customers seen and verified by TechCrunch.
Rituals announced in April that it had identified an “unauthorized download” of member data, including a customer’s name, date of birth, gender, postal code and email address, phone number, preferred Rituals store and account type.
In an interview with TechCrunch, Rituals spokesperson Eline van Malssen said hackers stole membership data for customers in Europe and the United Kingdom.
TechCrunch has learned that some of the customers notified by Rituals are based in the United States. A spokesperson confirmed that the incident also affected some customers in the United States.
Rituals did not explain the nature of the cyberattack, and the company said an investigation is underway to determine how the data breach occurred.
The cosmetics giant has become the latest retailer to have customer member data stolen in the past year, following a series of break-ins at British grocery and shopping chains including Co-op and Marks & Spencer. Customer records can be an attractive target for hackers who steal data and extort ransoms from businesses in exchange for not publishing the information online.
Asked about the incident, a Rituals spokesperson declined to comment on whether the company had received any contact from the hackers, share a more precise timeline of the breach, or say exactly how many members were affected, citing unspecified “security reasons.”
Rituals has more than 41 million customers in its member database, according to its website. The retail giant generated revenue of 2.4 billion euros ($2.8 billion) in 2025.
If you buy through links in our articles, we may earn a small commission. This does not affect editorial independence.
Source link
