The Clarins Group, a luxury French skincare company, fell victim to a ransomware attack by the Everest group, which exposed the personal data of over 600,000 customers across the U.S., France, and Canada. The leaked information includes names, birth dates, addresses, phone numbers, email addresses, and purchase histories—data typically collected during online transactions or loyalty program sign-ups. While the exposed details may seem non-critical at first glance, they pose significant risks for phishing attacks, identity theft, tax fraud, and further malicious exploitation.

The Everest group, active for at least four years and linked to high-profile attacks like the 2022 breach of AT&T, has not yet demanded a ransom from Clarins. However, the sheer volume of compromised records—combined with Clarins’ $2.35B annual revenue and 8,000-strong workforce—makes this a high-stakes incident. The breach underscores vulnerabilities in customer data protection, with potential cascading effects if threat actors leverage the stolen information for social engineering, financial scams, or deeper system infiltrations. Clarins’ global presence and premium brand status further amplify reputational and operational risks.
TPRM report: https://www.rankiteo.com/company/groupe-clarins
"id": "gro5493154091525",
"linkid": "groupe-clarins",
"type": "Ransomware",
"date": "6/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '600,000+ (across U.S., France, '
                                              'and Canada)',
                        'industry': 'luxury skincare and cosmetics',
                        'location': 'Paris, France (HQ)',
                        'name': 'Clarins Group',
                        'size': '~8,000 employees',
                        'type': 'private company'}],
 'customer_advisories': ['Be vigilant for phishing and social engineering '
                         'attacks.',
                         'Consider identity theft protection services.',
                         'Report suspicious activity to relevant authorities '
                         'or Clarins Group.'],
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': '600,000+',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'moderate (PII with potential for '
                                        'identity theft and phishing)',
                 'type_of_data_compromised': ['personal identifiers (names, '
                                              'birth dates, addresses, phone '
                                              'numbers, email addresses)',
                                              'purchase histories (skincare '
                                              'and makeup products)',
                                              'loyalty program data']},
 'description': 'The Everest ransomware group claimed to have exposed the data '
                'of over 600,000 customers of the luxury French skincare '
                'company, Clarins Group. The exposed data includes customer '
                'details such as names, birth dates, addresses, phone numbers, '
                'email addresses, and purchase histories from online stores '
                'and loyalty programs across the U.S., France, and Canada. '
                'While the data may not appear highly sensitive, it could be '
                'repurposed for phishing attacks, malware distribution, or '
                'identity theft. The Everest group, active for at least four '
                'years, has targeted over 100 organizations in the past 12 '
                'months, including a notable 2022 attack on AT&T. No ransom '
                'demand has been reported for this incident as of now.',
 'impact': {'brand_reputation_impact': 'high (potential damage due to exposure '
                                       'of 600,000+ customer records)',
            'data_compromised': True,
            'identity_theft_risk': 'high (exposed PII could enable phishing, '
                                   'tax fraud, or identity theft)'},
 'initial_access_broker': {'data_sold_on_dark_web': 'claimed (sample data '
                                                    'posted on dark web by '
                                                    'Everest group)'},
 'investigation_status': 'ongoing (claims by Everest group are being verified; '
                         'no confirmation of data authenticity yet)',
 'motivation': ['financial gain (presumed)',
                'data theft',
                'potential extortion'],
 'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Everest'},
 'recommendations': ['Customers should enroll in identity theft protection '
                     'services to mitigate risks of fraud or identity theft.',
                     'Monitor accounts for suspicious activity, particularly '
                     'phishing attempts (e.g., urgent emails requesting '
                     'personal/financial details).',
                     'Avoid clicking on links, QR codes, or attachments from '
                     'unknown senders.',
                     'Use antivirus software, VPNs, and hardened browsers to '
                     'protect against malware and online threats.',
                     'Companies should review and strengthen defenses against '
                     'social engineering attacks, given the size of the '
                     'workforce (~8,000 employees).'],
 'references': [{'source': 'Cybernews'}, {'source': "Tom's Guide"}],
 'threat_actor': 'Everest ransomware group',
 'title': 'Clarins Group Data Exposure by Everest Ransomware Group',
 'type': ['data breach', 'ransomware attack (claimed)']}