Rituals has confirmed a data breach affecting its customer membership database, exposing sensitive personal information of users across multiple regions. The Netherlands-based cosmetics company disclosed the incident after identifying an “unauthorized download” of customer data in April, raising concerns about the growing risks targeting retail loyalty and membership systems.

The breach involves a wide range of personal data, including customers’ full names, dates of birth, gender, postal and email addresses, phone numbers, preferred store locations, and account types. The compromised dataset highlights the increasing value of membership databases for cybercriminals, who often exploit such information for identity theft, phishing campaigns, or extortion.

Eline van Malssen, spokesperson for Rituals, confirmed that the breach primarily affects customers in Europe and the United Kingdom, with additional impact on some users in the United States. The company has begun notifying affected individuals while continuing its investigation into the scope and cause of the incident.

Rituals has not disclosed the specific nature of the cyberattack or how the unauthorized access occurred. The company also declined to provide details on the number of affected customers or whether it has been contacted by the threat actors, citing security reasons. The lack of clarity reflects the sensitive nature of ongoing breach investigations, particularly when companies are still assessing potential risks and exposure.

The incident places Rituals among a growing list of major retailers targeted by cyberattacks aimed at customer data. Membership and loyalty databases have become increasingly attractive to attackers due to the volume of personally identifiable information they contain. Such data can be leveraged for financial fraud, social engineering attacks, or sold on underground marketplaces.

With more than 41 million customers in its membership database and reported revenues of €2.4 billion in 2025, Rituals represents a high-value target for cybercriminals seeking large-scale data access. The breach underscores the urgent need for stronger data protection measures and continuous monitoring of customer-facing systems within the retail sector.

As investigations continue, the Rituals data breach highlights the evolving threat landscape facing global brands, where even well-established companies must remain vigilant against increasingly sophisticated cyber intrusions targeting consumer data.

Recommended Cyber Technology News :

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com