Your Top Five Cyber Risks in Five Clicks with the Free Cyber Risk Analysis

FREE RISK ANALYSIS
Request Demo

Sephora has notified customers in the Asia-Pacific region who have online accounts that the cosmetics and beauty products retailer suffered a data breach, according to Malay Mail.

Customers reportedly received an email in which the company explained that an unauthorized third party had gotten access to the personal information of “some customers,” reportedly those in Australia, Hong Kong, Indonesia, Malaysia, New Zealand, the Philippines, Singapore and Thailand.

The exposed information included the users’ first and last name, date of birth, gender, email address, encrypted password and data related to “beauty preferences,” according to what Alia Gogi, managing director of Sephora Southeast Asia, reportedly wrote in an email.

Additionally, Gogi added that no credit card information was accessed and the company has “no reason to believe that any personal data has been misused,” the report said.

"It is a great challenge for many organizations to standardize their cybersecurity operations globally. Varying regulations for both security and privacy come into play, especially when dealing with an enterprise that operates around the globe,” said George Wrenn, founder and CEO of CyberSaint Security.

“This breakdown is why we see many large organizations flock to an integrated risk management (IRM) approach. IRM is allowing organizations to aggregate risk and compliance data from all business units and make smarter and more informed decisions. With the patchwork of regulations that are emerging around the world, cybersecurity leaders must be prepared to integrate their organizations to stay wholly aware of the posture of their organization."

Fraudsters and cyber-criminals have easy access to customer data given the mega breaches of the past few years, and Kevin Gosschalk, CEO, Arkose Labs, said that each subsequent breach only adds to the available information on the dark web, creating a paradigm of fraudulent activity.

“These types of incidents provide cyber-criminals with the incentive and tools they need in order to commit ongoing, lucrative and easy fraud. In this case, the information hackers had access to, including encrypted passwords and email addresses, can now be weaponized in future account takeover (ATO) attacks. While Sephora has cancelled all existing passwords as an immediate first step, customers are inherently still at risk,” Gosschalk added.

"There is an ongoing onus on Sephora to safeguard its customers against future cybercrime associated with their password vulnerabilities. Our reality is that cybercrime is a well-funded and connected business where fraudsters have access to sophisticated tools and resources to launch attacks. This breach is yet another incident that provides them with the exact ammunition they need. The longer-term solution will come from eliminating the economic incentives behind these attacks through the use of integrated strategies that detect fraud in real time and block attacks from being successful.”

This post, written by Kacy Zurkus originally appeared on Infosecurity Magazine

You may also like

CyberSaint Recognized in ...
on October 28, 2024

BOSTON— (BUSINESSWIRE)— CyberSaint, a leader in cyber risk management, was recognized in Gartner’s Innovation Insight: Cyber GRC Streamlines Governance report as a Representative ...

CyberSaint Recognized in 2024 ...
on August 21, 2024

BOSTON--(BUSINESS WIRE)--CyberSaint, a leader in cyber risk management, was recognized in the 2024 Gartner Hype Cycle™ for Cyber Risk Management as a Sample Vendor for Cyber ...

STRONGER 2024 Conference ...
on July 31, 2024

BOSTON--(BUSINESS WIRE)--CyberSaint, the leader in cyber risk management, today announced that attendee registration is now open for its annual STRONGER conference; the ...

CyberSaint Enables Customers to ...
on July 29, 2024

In today’s fast-paced business environment, CISOs must navigate the constant daily flood of data while prioritizing risk buy-down in the areas most likely to affect their ...

Jerry Layden
CyberSaint Launches NIST CSF ...
on May 8, 2024

BOSTON--(BUSINESS WIRE)--CyberSaint, the leader in cyber risk management, announced today the release of the NIST Cybersecurity Framework (CSF) Benchmarking Feature, which allows ...

CyberSaint Announces $21M in ...
on March 20, 2024

Boston, MA – March 20th, 2024 – CyberSaint, the leader in cyber risk management, today announced the company has raised $21M in Series A funding led by Riverside Acceleration ...