Some online shoppers in Australia, Hong Kong, Indonesia, Malaysia, New Zealand, the Philippines, Singapore and Thailand who use beauty products retailer Sephora's mobile application and website have been affected by a data leak. — Reuters pic

SINGAPORE, July 30 — Sephora’s customers who have online accounts with the cosmetics and beauty products retailer were alerted yesterday to a data breach discovered by the company in the last fortnight.

In an email sent out to its customers in the Asia-Pacific region, including Singapore, Sephora said that personal information of “some customers” has been exposed to unauthorised third parties.

Alia Gogi, managing director of Sephora South-east Asia, said in the email that the leaked information included the users’ first and last name, date of birth, gender, email address, encrypted password as well as data related to “beauty preferences”.

No credit card information was accessed, she stressed, adding that the company has “no reason to believe that any personal data has been misused”.

The security incident affected online account holders in Australia, Hong Kong, Indonesia, Malaysia, New Zealand, the Philippines, Singapore and Thailand.

Gogi apologised to customers and said that the company has taken precautionary measures such as cancelling all existing passwords for customer accounts and “thoroughly reviewing” its security systems.

All online users are advised to change their passwords if they have not already done so.

“We are also offering a personal data monitoring service, at no cost to you, through a leading third-party provider,” Ms Gogi said.

Those who would like to register for the personal data monitoring service can do so online by Nov 30.

On its website, Sephora stated that none of its physical stores are unaffected. The data breach was limited to a database serving its South-east Asia, Hong Kong, Australia and New Zealand customers who used its online services and mobile application.

It also stated that it “immediately appointed independent experts” to help investigate the breach, and notified affected customers as soon as it was able to verify the details of the incident. It is still investigating the extent of the data leak.

Founded in France, Sephora has close to 2,000 stores in about 30 markets selling cosmetics, skincare, fragrance, beauty tools, personal and hair care products.

Its website stated that it has an expanding base of more than 200 stores across the Asia-Pacific region including Australia, China, India, Indonesia, Malaysia, Singapore and Thailand.

It is owned by French luxury goods conglomerate LVMH. — TODAY