RITUALS , the luxury cosmetics brand, disclosed a data breach in which attackers gained unauthorised access to its systems and downloaded part of the My Rituals member database. The incident is said to have occurred earlier this month, with Rituals confirming that the unauthorised download has been contained and that passwords or payment information were not accessed.
According to Rituals, the breached data included full names, email addresses, phone numbers, dates of birth, gender, and home addresses of affected members, while no passwords or payment details were compromised. The company has initiated a forensic investigation and has reported the incident to the relevant authorities, noting that it is not yet clear how many users were impacted and whether the breach involved ransomware.
Rituals also warned users to remain vigilant for phishing messages, emphasising that there is no known claim of responsibility from ransomware or extortion groups at this time.