Cosmetics giant Rituals discloses data breach affecting customers

Cosmetics giant Rituals discloses data breach affecting customers By Sergiu Gatlan April 23, 2026 10:16 AM 0 Dutch cosmetics giant Rituals disclosed a data breach after attackers stole the personal information of an undisclosed number of customers from its "My Rituals" membership database. The company revealed the security incident in a Wednesday notice, saying that the breach was discovered earlier this month after it was alerted to unauthorized downloads of its members' data. Rituals has notified relevant authorities of the incident and has since contained the breach by blocking the attackers' access. It also added that it has yet to find evidence that the stolen information has been leaked online. "The personal data involved (to the extent you have shared it with us) may include full name, email address, phone number, date of birth, gender, home address. We can confirm that no passwords or payment information were accessed," Rituals said. "We have initiated an in-depth forensic investigation to understand how this happened and what measures we can take to prevent a similar incident in the future. We have also reported it to the relevant authorities." The company says the data breach affects members of its My Rituals loyalty program, which offers exclusive rewards, gift-with-purchase benefits, and birthday gifts. While a Rituals spokesperson didn't share how many customers have been affected by this data breach, the company says its My Rituals has over 41 million members. TechCrunch, which first reported the incident, said Rituals also notified some customers in the United States. "We have informed affected customers directly and have reported the incident to the relevant authorities," the spokesperson also told BleepingComputer when asked for more details. "For security reasons, we’re not able to share further details on attribution or comment on any potential communications with the unauthorised party." Rituals has also yet to disclose the nature of the cyberattack, and no cybercrime groups or threat actors have claimed responsibility for the breach. Founded in 2000 in Amsterdam, Netherlands, Rituals now has over 12,000 employees worldwide and reported €2.4 billion in revenue in 2025. Rituals also operates more than 1,400 retail boutiques and just over 4,800 luxury perfumeries and department stores across 33 countries. Update April 23, 10:16 EDT: Added Rituals statement. 99% of What Mythos Found Is Still Unpatched. AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming. At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop. Claim Your Spot Related Articles: Cyberattack disrupts Venezuelan oil giant PDVSA's operations Amtrak resets user passwords after Guest Rewards data breach Data breach at edtech giant McGraw Hill affects 13.5 million accounts CERT-EU: European Commission hack exposes data of 30 EU entities Medtech giant Stryker fully operational after data-wiping attack