Sephora hit by online data breach
Singapore's privacy watchdog is investigating international beauty retailer Sephora, after it reported a breach of its online users' data, affecting customers in Singapore as well as other countries.
Yesterday, the retailer, which has 12 stores here, issued a notice to its online customers stating that the data breach was discovered over the past two weeks.
In the e-mail, Sephora's managing director of South-east Asia Alia Gogi said: "Some personal information may have been exposed to unauthorised third parties, including first and last name, date of birth, gender, e-mail address and encrypted password, as well as data related to beauty preferences."
She added that no credit card information was accessed and that the company had "no reason to believe that any personal data has been misused".
In response to queries from The Straits Times, a spokesman for the Personal Data Protection Commission said: "PDPC has been notified by Sephora Digital SEA Pte Ltd of the incident and is looking into it."
On its website, Sephora said none of its physical stores was affected and it was safe for customers to use its mobile app and website.
It is not known how many customers were affected in the data breach.
Responding to queries from The Strait Times, a spokesman for Sephora South-east Asia said the experts it engaged found "no major vulnerability" on the company's websites.
No traces of a cyber attack were found either, and the spokesman added that it had no evidence any personal data had been misused.
The company has apologised and cancelled all existing passwords for customer accounts.
It has also conducted a review of its security systems and is offering a free personal data monitoring service to its customers through a third-party provider. Affected customers here can sign up for this service for a year, said the spokesman.
Customers who wish to avail themselves of the service can sign up at a link provided by Sephora while using a unique code by Nov 30.