A Sephora data breach has been confirmed, spanning customers from Hong Kong across Southeast Asia and into Australasia.
The LVMH-owned company has emailed online customers who may have been affected confirming some of their data may have been accessed and copied.
The international beauty retailer said an unknown number of customers have been affected in territories including Hong Kong, Singapore, Malaysia, Indonesia, Thailand, the Philippines, New Zealand and Australia. Stores were not affected with the compromised data relating only to people using the brand’s online services in the region.
The firm sent an email out to its users on Monday explaining that the breach had become apparent over the course of the past fortnight.
“Some personal information may have been exposed to unauthorised third parties,” said the email signed by Sephora’s MD Southeast Asia Alia Gogi, “including first and last name, date of birth, gender, email address and encrypted password, as well as data related to beauty preferences.”
The email (pictured above) explaining the Sephora data breach stated that credit-card information does not appear to have been accessed and that personal data had not been misused.
The firm has responded by resetting all existing passwords and conducting a full security review, as well as offering customers a free personal monitoring service, available via a unique code and sign-up link directing users to a third party solutions provider.