SINGAPORE – International beauty retailer Sephora has admitted to a breach of its online users’ data, affecting customers in Singapore as well as in other countries including Malaysia, Indonesia, Thailand, the Philippines, New Zealand and Australia.
On Monday (July 29), the popular make-up retailer, which has 12 stores in Singapore, issued a notice to its online customers to say that the data breach was discovered over the past two weeks.
In the e-mail, Sephora’s managing director of South-east Asia Alia Gogi said: “Some personal information may have been exposed to unauthorised third parties, including first and last name, date of birth, gender, email address and encrypted password, as well as data related to beauty preferences.”
She added that no credit card information was accessed and that the company had “no reason to believe that any personal data has been misused”.
It is not known how many customers were affected in the data breach.
The company has apologised and cancelled all existing passwords for customer accounts.
It has also conducted a review of its security systems and is offering a free personal data monitoring service to its customers, through a third-party provider.
Customers who wish to avail themselves of the service can sign up at a link provided by Sephora while using a unique code by Nov 30.
In the e-mail, the company also recommended that its customers change the passwords to their accounts.
The French brand was founded in 1970 and, in addition to its own label, carries hundreds of other brands with products ranging from cosmetics, skincare, fragrance, beauty tools, personal care products and haircare.
In response to queries from The Straits Times, a spokesman from the Personal Data Protection Commission said: “PDPC has been notified by Sephora Digital SEA Pte Ltd. of the incident and is looking into it.”