Rituals: Cosmetics chain Rituals hit in latest Dutch cyber attack

Rituals Cosmetics Hit by Data Breach, Exposing Customer Personal Information

Amsterdam-based cosmetics retailer Rituals has confirmed a data breach exposing sensitive customer information, marking the latest in a string of cybersecurity incidents affecting Dutch companies. The stolen data includes full names, addresses, phone numbers, email addresses, dates of birth, and gender, as well as details about account types and preferred stores. While passwords and payment information were not compromised, the breach has raised concerns over potential phishing attacks.

Rituals, which operates over 1,500 stores across 33 countries and reported €2.4 billion in turnover for 2025, has not disclosed the number of affected customers but confirmed that notifications were sent to individuals in multiple European countries. The company has reported the incident to the Dutch privacy watchdog Autoriteit Persoonsgegevens (AP) and is collaborating with external specialists to monitor the dark web for any leaked data.

Though Rituals stated there is no evidence the stolen information has been published online, it warned customers to remain vigilant against phishing attempts, as cybercriminals could use the exposed details to craft convincing fraudulent messages. The breach follows a series of similar incidents in the Netherlands, including a February attack on telecom provider Odido that exposed 6.2 million records, a Booking.com data breach earlier this month, and a cyberattack on fitness chain Basic-Fit affecting up to one million European members.

Rituals has faced recurring issues with scammers impersonating the brand in "birthday gift" phishing emails over the past year, though the company maintains those incidents are unrelated to the current breach.

Source: https://www.dutchnews.nl/2026/04/cosmetics-chain-rituals-hit-in-latest-dutch-cyber-attack/

Rituals (B Corp™) cybersecurity rating report: https://www.rankiteo.com/company/rituals

"id": "RIT1776861527",
"linkid": "rituals",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Undisclosed (notifications sent '
                                              'to individuals in multiple '
                                              'European countries)',
                        'industry': 'Cosmetics/Retail',
                        'location': 'Amsterdam, Netherlands',
                        'name': 'Rituals Cosmetics',
                        'size': 'Over 1,500 stores across 33 countries, €2.4 '
                                'billion turnover (2025)',
                        'type': 'Retailer'}],
 'customer_advisories': 'Warning against phishing attempts and vigilance for '
                        'fraudulent messages',
 'data_breach': {'personally_identifiable_information': 'Full names, '
                                                        'addresses, phone '
                                                        'numbers, email '
                                                        'addresses, dates of '
                                                        'birth, gender, '
                                                        'account types, '
                                                        'preferred stores',
                 'sensitivity_of_data': 'High (PII exposed)',
                 'type_of_data_compromised': 'Personal Information'},
 'description': 'Amsterdam-based cosmetics retailer Rituals has confirmed a '
                'data breach exposing sensitive customer information, '
                'including full names, addresses, phone numbers, email '
                'addresses, dates of birth, and gender, as well as details '
                'about account types and preferred stores. While passwords and '
                'payment information were not compromised, the breach has '
                'raised concerns over potential phishing attacks.',
 'impact': {'brand_reputation_impact': 'Potential phishing attacks and brand '
                                       'impersonation concerns',
            'data_compromised': 'Full names, addresses, phone numbers, email '
                                'addresses, dates of birth, gender, account '
                                'types, preferred stores',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'None (payment information not '
                                        'compromised)'},
 'investigation_status': 'Ongoing (collaboration with external specialists)',
 'recommendations': 'Customers advised to remain vigilant against phishing '
                    'attempts using exposed personal information',
 'references': [{'source': 'Cyber Incident Report'}],
 'regulatory_compliance': {'regulations_violated': 'GDPR (likely)',
                           'regulatory_notifications': 'Reported to Dutch '
                                                       'privacy watchdog '
                                                       'Autoriteit '
                                                       'Persoonsgegevens (AP)'},
 'response': {'communication_strategy': 'Customer notifications and advisories '
                                        'against phishing attempts',
              'enhanced_monitoring': 'Dark web monitoring for leaked data',
              'third_party_assistance': 'External specialists monitoring the '
                                        'dark web'},
 'title': 'Rituals Cosmetics Data Breach Exposing Customer Personal '
          'Information',
 'type': 'Data Breach'}