Sephora hit by online data breach, Latest Singapore News - The New Paper
Singapore

Sephora hit by online data breach

This article is more than 12 months old
Hariz Baharudin
Reporter
Jul 30, 2019 06:00 am

Singapore's privacy watchdog is investigating international beauty retailer Sephora, after it reported a breach of its online users' data, affecting customers in Singapore as well as other countries.

Yesterday, the retailer, which has 12 stores here, issued a notice to its online customers stating that the data breach was discovered over the past two weeks.

In the e-mail, Sephora's managing director of South-east Asia Alia Gogi said: "Some personal information may have been exposed to unauthorised third parties, including first and last name, date of birth, gender, e-mail address and encrypted password, as well as data related to beauty preferences."

She added that no credit card information was accessed and that the company had "no reason to believe that any personal data has been misused".

In response to queries from The Straits Times, a spokesman for the Personal Data Protection Commission said: "PDPC has been notified by Sephora Digital SEA Pte Ltd of the incident and is looking into it."

On its website, Sephora said none of its physical stores was affected and it was safe for customers to use its mobile app and website.

Use taxi apps, not platform like Gojek, says passenger who was charged $10 booking fee
Singapore

Passenger says $10 taxi booking fee is unfair

Related Stories

TNP goes fully digital

DBS restores digital banking services, rules out cyber attack

Vegetable prices here rise due to wet weather in M'sia

It is not known how many customers were affected in the data breach.

Responding to queries from The Strait Times, a spokesman for Sephora South-east Asia said the experts it engaged found "no major vulnerability" on the company's websites.

No traces of a cyber attack were found either, and the spokesman added that it had no evidence any personal data had been misused.

The company has apologised and cancelled all existing passwords for customer accounts.

It has also conducted a review of its security systems and is offering a free personal data monitoring service to its customers through a third-party provider. Affected customers here can sign up for this service for a year, said the spokesman.

Customers who wish to avail themselves of the service can sign up at a link provided by Sephora while using a unique code by Nov 30.

Get The New Paper on your phone with the free TNP app. Download from the Apple App Store or Google Play Store now

CONSUMER ISSUES

Hariz Baharudin

Reporter
harizbah@sph.com.sg
Read articles by Hariz Baharudin