Rituals Cosmetics Confirms Data Breach of Customer Membership Information
Severity: Medium (Score: 48.9)
Sources: TechCrunch, BleepingComputer, securityaffairs.co
Summary
Rituals, a Dutch cosmetics company, has confirmed a data breach affecting its 'My Rituals' membership database. The breach was discovered in April 2026, when unauthorized downloads of customer data were detected. The compromised information includes full names, email addresses, phone numbers, dates of birth, gender, and postal addresses. While the company has not disclosed the number of affected customers, its membership program has over 41 million members, indicating a potentially large impact. No passwords or payment information were accessed during the breach. Rituals has initiated a forensic investigation and notified relevant authorities. The exact nature of the cyberattack remains undisclosed, and no group has claimed responsibility for the incident. Some affected customers are located in the United States, alongside those in Europe and the UK.
Key Points
- Rituals confirmed a data breach affecting its My Rituals loyalty program members.
- Compromised data includes names, email addresses, and phone numbers, but not payment info.
- The breach was discovered in April 2026, with no attribution to specific threat actors.
Key Entities
- Data Breach (attack_type)
- Rituals (company)
- Netherlands (country)
- United Kingdom (country)
- United States (country)
- Retail (industry)
- T1041 - Exfiltration Over C2 Channel (mitre_attack)
- T1567 - Exfiltration Over Web Service (mitre_attack)