Has your personal information been leaked in the Sephora database breach?

Besides their makeup, thousands of Sephora customers should start worrying about the security of their personal information. Security audit specialists report that the French cosmetics company has begun notifying its customers in Southeast Asia of a cybersecurity incident that recently occurred in one of the company’s databases.

“Your personal information is truly important to us, as is the trust you place in this company for its backup,” reads the email the company has sent to its customers. The message, signed by Ala Gogi, Sephora’s business manager, continues: “Over the past two weeks we have discovered a data breach that has compromised the security of the information of some users of our online services in countries such as Singapore, Malaysia, Indonesia, the Philippines, Australia and New Zealand.”

The company’s security audit staff concluded that some of their clients’ personal records may have been made available to third parties without authorization. Among the compromised data are:

  • Clients’ full names
  • Birth dates
  • Email addresses
  • Passwords (protected with encryption)
  • Additional details related to Sephora’s services

Despite the seriousness of the incident, the company asserts that its clients’ financial information is completely secure; furthermore, at least so far, there is no evidence to show that the information exposed has been used for malicious purposes.

After detecting the incident, Sephora began investigating possible causes; they even hired a group of external security audit experts to assist in the investigation. Once the scope of the incident was determined, the company began notifying affected customers and the appropriate authorities. “We are sorry for any inconvenience this intrusion may cause; we assure you that this will not happen again,” Sephora’s message concludes.

As a security measure, Sephora performed a password reset for customers throughout Asia; in addition, the company will provide free personal information monitoring service packages for the affected users.