RITUALS has disclosed a data breach affecting its My Rituals members, with the incident disclosed on 23 April 2026 and the company saying it occurred earlier this month. The breach involved unauthorized access to and download of some members’ data, and the company says it acted immediately to stop the access and contains the situation, with affected members being informed directly.
Potentially impacted information may include customers’ names, addresses, phone numbers, email addresses, dates of birth, and gender, while no passwords or payment information were compromised. Rituals says it has initiated an in-depth forensic investigation and has reported the incident to the relevant authorities. A spokesperson told SecurityWeek that the number of potentially impacted individuals could not be shared at this time, noting the company has over 40 million My Rituals members.
SecurityWeek has not seen any known ransomware or extortion group claiming responsibility, and Rituals says it is not aware of the stolen information being publicly released.