Data breach hits Sephora, Philippine customers affected

MANILA, Philippines – Beauty retailer Sephora has been hit by a data breach, the company disclosed via an email it sent out to online customers on Monday, July 29.

The breach affects some customers who have used the company's online services in Singapore, Malaysia, Indonesia, Thailand, the Philippines, Hong Kong, Australia, and New Zealand. It was discovered "over the last two weeks."

Exposed in the breach to "unauthorized third parties" were customers' first and last names, date of birth, gender, email address, encrypted password, and "data related to beauty preferences."

The email notice, signed by Sephora's Southeast Asia managing director Alia Gogi, said that no credit card information was exposed and they have "no reason to believe that any personal data has been misused."

All existing passwords for customer accounts have been canceled as a precaution, and security systems have been reviewed, according to Sephora. It advised customers to change their passwords.

The company can be reached at, via landline at +63 2 2993728, or via

The company is also offering a free data monitoring service for potential misuse of the stolen information in some of the affected regions. In the Philippines, the data monitoring service isn't available as the Sephora website says that "local regulatory requirements prohibit the service from being offered in your market." –