Skip to content
Data breachContained

Rituals: customer personal data leaked after a cyberattack

On 22 April 2026, Dutch cosmetics and home-fragrance brand Rituals disclosed an unauthorised download of its loyalty membership database, exposing members' names, dates of birth, gender, postal and email addresses and phone numbers; no passwords or payment data were affected.

Victim
Rituals

On 22 April 2026, Rituals β€” the Amsterdam-based international retailer of cosmetics, home fragrances and wellness products β€” confirmed that customer personal data had been stolen from its loyalty membership database following a cyberattack. The company notified affected customers by email and warned them to stay alert for fraudulent messages impersonating the brand.

Rituals said it had identified an "unauthorised download" of My Rituals membership data. It did not disclose the technical nature of the attack, and an investigation was underway to determine how the breach occurred. The company stated it acted immediately to stop the access and, at the time of disclosure, had found no evidence that the stolen information had been published online.

The exposed data included:

  • Full name
  • Date of birth
  • Gender
  • Postal address
  • Email address
  • Phone number
  • Preferred Rituals store and account type

Rituals stressed that no passwords or payment information were accessed. The company did not disclose how many individuals were affected, citing security reasons; its membership programme spans more than 41 million customers across Europe, the UK and the United States. Because the exposed fields allow detailed customer profiling, Rituals urged members to be wary of phishing emails, fake promotions and other social-engineering attempts that mimic the brand.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/rituals-les-donnees-personnelles-des-clients-en-fuite-apres-une-cyberattaque/
  2. techcrunch.comhttps://techcrunch.com/2026/04/22/cosmetics-giant-rituals-confirms-data-breach-of-customer-membership-records/
  3. bleepingcomputer.comhttps://www.bleepingcomputer.com/news/security/cosmetics-giant-rituals-discloses-data-breach-affecting-customers/

Related incidents

Data breachOngoing

1,528 contacts at Nature & Cie, claimed leak

In late May 2026, a B2B commercial database attributed to French organic-food distributor Nature & Cie surfaced on a cybercriminal forum, exposing roughly 5,635 stores, over 1,500 professional contacts and around 1,500 sales-visit reports covering Biocoop, Naturalia and La Vie Claire partners.

Victim
Nature & Cie
Records
1.5K