If you have an online account with Sephora or know someone who has, take note.
The French cosmetics and beauty products retailer discovered a data breach on Jul 31, two weeks after it happened.
Customers from Singapore, Indonesia, Malaysia, the Philippines, Thailand, Australia, Hong Kong and New Zealand had their personal information compromised.
Alia Gogi, Sephora Southeast Asia managing director said that among the information that were exposed included the first and last names of customers, their birth dates, gender, email addresses, encrypted password and data pertaining to “beauty preference”.
Customers are advised to change their passwords immediately.
According to Gogi, credit card there was no breach in credit card information.
She said that Sephora has “no reason to believe that any personal data has been misused”.
“As a precaution, we have cancelled all existing passwords for customer accounts and have thoroughly reviewed our security systems,” says the company.
Independent experts have been roped in to investigate the breach.
While apologising, Gogi is calling for Sephora online account holders to change their passwords.
“We are also offering a personal data monitoring service, at no cost to you, through a leading third-party provider,” she said.
You can register for the personal data monitoring service which will be available until 30 Nov. However, this is only available to select countries.
The company says those that shop in physical stores and do not use the company’s online services or mobile app are not impacted by this incident.
It says the breach was limited to a database that serves Sephora’s Southeast Asia, Hong Kong SAR, Australia, and New Zealand customers that use online services.