Sephora Southeast Asia’s Online Customers Hit by Data Breach

Personal information of some Sephora’s online customers in some Asia and Oceania countries have been leaked.

The international cosmetics retailer recently announced that a data breach had led to the exposure of personal information. Some customers affected by the breach come from Hong Kong, Singapore, Malaysia, Indonesia, Thailand, Philippines, Australia, and New Zealand.

The company did not state in its emailed notice to customers the exact number of users affected.

Sephora Southeast Asia’s Online Customers Hit by Data Breach


The breach had compromised the customer’s first and last name, date of birth, gender, email address, encrypted password. It also exposed information related to consumer’s beauty preferences to unauthorized third parties.

In the email, Sephora Southeast Asia managing director Alia Gogi assured customers that no credit card information was accessed. She also noted that no personal data had been misused.

Gogi went on to apologize to customers. She said that the company has already taken measures such as cancelling all existing passwords for customer accounts. The company is also “thoroughly reviewing” its security systems, she added.

Sephora advised all its online users to change their passwords. The company also told its customers to register on its website’s data monitoring service by November 30.

No Vulnerability Spotted

A spokesperson from Sephora Southeast Asia said that IT experts found “no major vulnerability” on the company’s websites.

There were also no traces of a cyberattack were found.

The company also said the data breach came to its attention “over the last two weeks.” Immediately after the detection, it appointed independent experts for an investigation. Affected customers were also notified as soon as the incident details had been verified.

The incident only affected a database of it’s Southeast Asia, Hong Kong, and Australia/New Zealand online customers, Sephora stated. It added that customers can now safely use its website and mobile app.

A spokesperson from Brunswick Group, strategy advisory firm, said Sephora Southeast Asia’s regional databases operate independently. Brunswick is working with the retailer’s Southeast Asia division.

Founded in France, Sephora has nearly 2,000 stores in approximately 30 global markets. The company sells cosmetics, fragrance, beauty tools, skincare, personal hygiene, and hair care products.

Sephora was not the only company impacted by a data breach incident this week. Recently, a hacker obtained access to millions of Capital One customers’ accounts and credit card applications. National Australia Bank also admitted it accidentally leaked the names and contact details of some 13,000 customers.