International beauty retailer Sephora has admitted to a breach of its online users' data, affecting customers in Singapore as well as in other countries including Malaysia, Indonesia, Thailand, Philippines.
Some personal information has been exposed to unauthorized third parties, including first and last name, date of birth, gender, e-mail address, and encrypted password.
Determining that no credit card information was accessed and that the company had no reason to believe that any personal data has been misused.
The security incident was limited to a database serving our Southeast Asia, Hong Kong SAR, and Australia/New Zealand customers who used their online services.
TPRM report: https://scoringcyber.rankiteo.com/company/sephora
"id": "sep2372423",
"linkid": "sephora",
"type": "Breach",
"date": "07/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Beauty',
'location': ['Singapore',
'Malaysia',
'Indonesia',
'Thailand',
'Philippines',
'Hong Kong SAR',
'Australia',
'New Zealand'],
'name': 'Sephora',
'type': 'Retailer'}],
'data_breach': {'data_encryption': 'encrypted password',
'personally_identifiable_information': ['first name',
'last name',
'date of birth',
'gender',
'e-mail address'],
'type_of_data_compromised': ['personal information']},
'description': 'International beauty retailer Sephora has admitted to a '
"breach of its online users' data, affecting customers in "
'Singapore as well as in other countries including Malaysia, '
'Indonesia, Thailand, Philippines.',
'impact': {'data_compromised': ['first name',
'last name',
'date of birth',
'gender',
'e-mail address',
'encrypted password'],
'systems_affected': ['database serving Southeast Asia, Hong Kong '
'SAR, and Australia/New Zealand customers']},
'title': 'Sephora Data Breach',
'type': 'Data Breach'}