Skip to content
Data breachContained

Leak at Clarins

French luxury skincare group Clarins confirmed in September 2025 that the Everest extortion gang had exfiltrated contact details of customers in France, the US and Canada; the actor claimed over 600,000 records, with no financial data affected.

Victim
Clarins
records
600.0K

On 18 September 2025, Clarins β€” the French luxury skincare and cosmetics group β€” notified customers that some of their personal data had been illegally downloaded by a third party. The disclosure followed the appearance of Clarins data on the dark-web leak site of the Everest extortion gang, which claimed to have stolen the records of more than 600,000 customers across France, the United States and Canada.

The exposed information consisted of customer contact and account details rather than payment data. Clarins stated that no bank account numbers, credit card numbers or passwords were compromised.

Categories of data reported as exposed include:

  • Full names
  • Dates of birth
  • Postal addresses
  • Phone numbers
  • Email addresses
  • Purchase history (skincare, makeup and other categories)

Clarins said it had acted immediately to address the issue, reinforcing its security protocols and putting in place procedures to support affected customers, and described the incident as under control. The breach was attributed to the Everest group, which published the data on its leak site; no ransom payment has been reported.

Sources

  1. usine-digitale.frhttps://www.usine-digitale.fr/article/clarins-victime-d-une-cyberattaque-les-donnees-personnelles-des-clients-exposees.N2237935
  2. cybernews.comhttps://cybernews.com/security/clarins-user-data-breach-everest/
  3. incibe.eshttps://www.incibe.es/en/incibe-cert/publications/cybersecurity-highlights/clarins-data-breach-impacts-more-600000-customers
  4. strategies.frhttps://www.strategies.fr/actualites/culture-tech/LQ5115117C/clarins-victime-dune-fuite-de-donnees-personnelles.html

Related incidents

Data breachContained

Leak at Batterie de Portable

On 28 Dec 2025, French e-commerce retailer Batteriedeportable (Aubagne) disclosed a November cyberattack that exposed customer identity and contact data β€” names, dates of birth, postal/email addresses and phone numbers. It claims over a million European customers.

Victim
Batterie de Portable
Data breachUnknown

Leak at Nouvelle Lune

On 26 December 2025, a customer database from French online boutique Nouvelle Lune was leaked, exposing personal data for roughly 161 customers, including names, email and postal addresses, and order history.

Victim
Nouvelle Lune
Data breachUnknown

Leak at Parashop

On 17 December 2025, a leak of customer data from French parapharmacy retailer Parashop was disclosed, exposing personal records including full names, dates of birth and postal addresses.

Victim
Parashop
Data breachUnknown

Leak at Euromatik

On 12 December 2025, customer data from French roller-shutter and home-automation retailer Euromatik was exposed in a breach, including names, postal and email addresses, phone numbers, order and contract details, and hashed passwords.

Victim
Euromatik