Breaking
USSuper Typhoon Bavi Threatens Guam and Mariana IslandsINTLPalestinian Boy Dies After Israeli Checkpoint Blockade; Another Teen Shot DeadRUГлава Тувы пообещал оперативно информировать о поисках пропавших девочекARأعمال شغب ونهب في نيوبورت بيتش خلال احتفالات الرابع من يوليوJPサッカーW杯、ノルウェーがブラジル撃破で初の8強入り ハーランド2発ARأهوال منزل الرعب في أوهايو.. أطفال معزولون عن العالم في ظروف غير إنسانية (صور)ARجونسون يحذر من "البرابرة على الأبواب" في أمريكاARروسيا: لا نتوقع تغييرًا في مسار الناتو المناهض لروسيا قريبًاARخبير عسكري مصري: إسرائيل يجب أن تقلق من القدرات العسكرية المصريةARنائب الرئيس الأمريكي جي دي فانس: أوكرانيا يجب أن تركز على الدفاعUSSuper Typhoon Bavi Threatens Guam and Mariana IslandsINTLPalestinian Boy Dies After Israeli Checkpoint Blockade; Another Teen Shot DeadRUГлава Тувы пообещал оперативно информировать о поисках пропавших девочекARأعمال شغب ونهب في نيوبورت بيتش خلال احتفالات الرابع من يوليوJPサッカーW杯、ノルウェーがブラジル撃破で初の8強入り ハーランド2発ARأهوال منزل الرعب في أوهايو.. أطفال معزولون عن العالم في ظروف غير إنسانية (صور)ARجونسون يحذر من "البرابرة على الأبواب" في أمريكاARروسيا: لا نتوقع تغييرًا في مسار الناتو المناهض لروسيا قريبًاARخبير عسكري مصري: إسرائيل يجب أن تقلق من القدرات العسكرية المصريةARنائب الرئيس الأمريكي جي دي فانس: أوكرانيا يجب أن تركز على الدفاع
Newsgather
BackRituals Confirms Data Breach Exposing Customer Personal Information
Rituals Confirms Data Breach Exposing Customer Personal Information
Developing
TechCrunch4/22/2026Business2 min readUnited States

Rituals Confirms Data Breach Exposing Customer Personal Information

Netherlands-based cosmetics giant discloses unauthorized download of membership data affecting European, UK and US customers

Quick Look

  • Rituals, a Netherlands-based cosmetics company, has confirmed a data breach after hackers stole customer personal information from its membership database.
  • The company disclosed the breach this week after identifying an unauthorized download in April containing customers' full names, dates of birth, gender, postal and email addresses, phone numbers, preferred store locations and account types.
  • The breach affects customers across Europe, the United Kingdom and some in the United States.

AI-generated summary

Why It Matters

Rituals is a Netherlands-based cosmetics and home goods company with membership programs for customers. The breach follows a string of intrusions at other U.K. retailers including Co-op and Marks & Spencer, highlighting the retail sector's vulnerability to cyberattacks.

Font size

Netherlands-based cosmetics giant Rituals has confirmed a data breach affecting customers' personal information after hackers stole reams of data from its membership database. The company disclosed the breach on Wednesday, according to an email sent to customers that TechCrunch has viewed and verified. Rituals said it identified an "unauthorized download" of members' data in April that contained customers' full name, date of birth, gender, postal and email address, and phone number as well as their preferred Rituals store, and account type. When reached by TechCrunch, Rituals spokesperson Eline van Malssen said the hacker stole membership data about customers in Europe and the United Kingdom. TechCrunch has learned that some customers notified by Rituals are based in the United States. The spokesperson confirmed the incident also affects some U.S. customers. Rituals did not describe the nature of the cyberattack and the company said its investigation was underway to understand how the data breach happened. The cosmetics giant is the latest retailer to have customer membership data stolen in the past year, following a string of intrusions at U.K. grocery and shopping chains Co-op and Marks & Spencer, among others. Customer records can be attractive targets for hackers who steal the data and extort the company for a ransom in exchange for not publishing the information online. When reached with questions about the incident, a Rituals spokesperson declined to comment on whether the company received any communication from the hackers, to share a more precise timeline of the breach, or to provide the exact number of affected members, citing unspecified "security reasons."

Open Questions

  • How did hackers gain access to the database
  • What specific vulnerabilities were exploited
  • Exact number of affected customers
  • Whether ransom demand was received

Related Topics

This article was originally published by TechCrunch.

Related Stories

More on this topicrituals