CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Unauthorized access to My Rituals member data at luxury cosmetics company Rituals

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

Luxury cosmetics company Rituals disclosed an unauthorized access incident affecting its My Rituals loyalty program members. The intrusion occurred earlier in April 2026 and resulted in the exfiltration of members’ personally identifiable information (PII), including names, addresses, phone numbers, email addresses, dates of birth, and gender. The incident was contained after detection, with no indication of password or payment data compromise. Rituals has initiated forensic analysis and notified relevant authorities but has not disclosed the number of affected individuals at this time.

Timeline

  1. 23.04.2026 14:04 1 articles · 3h ago

    Rituals data breach impacts My Rituals loyalty program members with PII exposure

    Rituals disclosed unauthorized access to My Rituals member data in April 2026, including PII such as names, addresses, and contact details. No passwords or payment data were compromised. The company is conducting forensic analysis, has contained the incident, and notified relevant authorities. Customers are advised to remain vigilant against phishing attempts.

    Show sources
    Open in new tab

Information Snippets

  • Rituals confirmed unauthorized access and data exfiltration impacting My Rituals loyalty program members in April 2026.

    First reported: 23.04.2026 14:04
    1 source, 1 article
    Show sources

  • Compromised data includes names, addresses, phone numbers, email addresses, dates of birth, and gender; no passwords or payment information were exposed.

    First reported: 23.04.2026 14:04
    1 source, 1 article
    Show sources

  • The company stated the situation was contained, forensic investigation launched, and authorities notified; no ransomware or extortion group has claimed responsibility.

    First reported: 23.04.2026 14:04
    1 source, 1 article
    Show sources

  • Rituals operates globally with over 40 million My Rituals members across 28 countries via online and physical retail channels.

    First reported: 23.04.2026 14:04
    1 source, 1 article
    Show sources

Similar Happenings

ManoMano Data Breach Affects 38 Million Customers via Third-Party Service Provider

ManoMano, a European DIY e-commerce platform, disclosed a data breach impacting 38 million customers. The breach occurred in January 2026 due to unauthorized access to a third-party customer service provider. Exposed data includes full names, email addresses, phone numbers, and customer service communications. The stolen data includes information associated with 37.8 million ManoMano user accounts, over 900,000 service tickets, and over 13,000 attachments, pertaining to users across France, Germany, Italy, Spain, and the United Kingdom. No account passwords were compromised. The company has taken steps to secure its environment and notified relevant authorities and affected customers. The breach was claimed by an individual using the alias 'Indra' on a hacker forum, alleging the theft of 37.8 million user accounts and thousands of support tickets. The compromised service provider is reportedly a Tunis-based customer support firm that suffered a Zendesk breach.

Open in new tab

Odido Data Breach Exposes 6.2 Million Customer Records

Dutch telecommunications provider Odido suffered a cyberattack that exposed personal data of 6.2 million customers. The breach occurred in their customer contact system, but no passwords, call logs, or billing information were affected. The company detected the incident on February 7 and has since taken steps to secure their systems and notify affected customers. The exposed data includes full names, addresses, mobile numbers, customer numbers, email addresses, IBANs, dates of birth, and identification data. Odido has reported the breach to the Dutch Data Protection Authority and is working with external cybersecurity experts to mitigate the incident. The ShinyHunters extortion gang has claimed responsibility for the breach, stating they have stolen nearly 21 million records, including internal corporate data and plaintext passwords. Odido has denied these claims, asserting that no passwords or sensitive data were compromised.

Open in new tab

Harrods Data Breach via Third-Party Provider

Harrods, a luxury British department store, disclosed a new data breach affecting 430,000 online customers. The breach involved the compromise of a third-party provider's system, leading to the exposure of names, contact details, and internal marketing tags and labels. The incident was isolated and contained, and no account passwords, payment details, or order histories were compromised. The breach is not connected to a previous incident in May, where unauthorized access attempts were detected. Four individuals were arrested in July for suspected involvement in cyberattacks against Harrods and other major British retailers. This breach is part of a series of recent cyberattacks targeting high-profile British businesses, including Jaguar Land Rover and Kido nursery chain.

Open in new tab

Sensitive Data Exposed in Auchan Retailer Cyberattack

A cyberattack on Auchan, a French multinational retail group, exposed sensitive data associated with the loyalty accounts of several hundred thousand customers. The breach, which occurred in November 2024, included full names, titles, postal addresses, email addresses, phone numbers, and loyalty card numbers. The incident did not affect bank data, passwords, or PIN numbers. The company has notified the French Data Protection Authority (CNIL) and is advising customers to be vigilant against potential phishing attacks. The breach occurred amidst a series of similar incidents affecting large French entities, though no direct links have been established. This is the second data breach Auchan has disclosed over the past year.

Open in new tab