Sephora's Southeast Asia Customers Victims of a Data Breach

Sephora has emailed customers in Southeast Asia to inform them it has discovered a data breach that occurred within the last two weeks. "Over the last two weeks, we discovered a breach in data related to some customers who have used our online services in Singapore, Malaysia, Indonesia, Thailand, Philippines, Hong Kong SAR, Australia, and New Zealand," Sephora SEA Managing Director Alia Gogi wrote. Sephora said some personal information may have been exposed to unauthorized third parties, including first and last name, date of birth, gender, email address, and encrypted password, as well as data related to beauty preferences. The beauty retailer said that no credit card information was accessed, and that it has no reason to believe that any personal data has been misused.

Total Retail's Take: Data security is a global issue, a challenge for brands such as Sephora that are selling their products online and in-store across the world. George Wrenn, founder and CEO of CyberSaint Security, offered the following commentary on the Sephora data breach: "It's a great challenge for many organizations to standardize their cybersecurity operations globally. Varying regulations for both security and privacy come into play, especially when dealing with an enterprise that operates around the globe. It's in cases like these where an integrated approach to cybersecurity becomes all the more important. Spreadsheets don't get the job done. This breakdown is why we see many large organizations flock to an integrated risk management (IRM) approach. IRM is allowing organizations to aggregate risk and compliance data from all business units and make smarter and more informed decisions. With the patchwork of regulations that are emerging around the world, cybersecurity leaders must be prepared to integrate their organizations to stay wholly aware of the posture of their organization."