--- title: "Rituals Confirms Data Breach Affecting Millions of Customers" date: 2026-04-23 author: "Sofia Ramirez" featured_image: "https://sqmagazine.co.uk/wp-content/uploads/2026/04/rituals-confirms-data-breach.jpg" categories: - name: "Cybersecurity" url: "/cybersecurity.md" tags: - name: "News" url: "/tag/news.md" --- # Rituals Confirms Data Breach Affecting Millions of Customers Rituals has confirmed a data breach that exposed personal information from its global customer membership database. ## Quick Summary – TLDR: - Rituals confirmed a cyberattack involving unauthorized access to its membership database. - Personal data like names, emails, and addresses were stolen, but no passwords or payment details were exposed. - The breach affects My Rituals loyalty members across multiple regions, including Europe, UK, and US. - The company has contained the incident and launched a forensic investigation. ## What Happened? Rituals [disclosed](https://www.rituals.com/en-nl/faq/data/) that attackers gained unauthorized access to its My Rituals membership database earlier this month. The breach involved the download of customer data, prompting the company to notify authorities and begin an internal investigation. > 🚨 BREAKING: Dutch cosmetics giant Rituals confirms data breach affecting MyRituals members across Europe and the UK. Names, addresses, dates of birth stolen—but no passwords or payment details compromised. [\#BreakingNews](https://twitter.com/hashtag/BreakingNews?src=hash&ref_src=twsrc%5Etfw) [\#DataBreach](https://twitter.com/hashtag/DataBreach?src=hash&ref_src=twsrc%5Etfw) [\#Rituals](https://twitter.com/hashtag/Rituals?src=hash&ref_src=twsrc%5Etfw) [\#CyberSecurity](https://twitter.com/hashtag/CyberSecurity?src=hash&ref_src=twsrc%5Etfw) [pic.twitter.com/tbT7HIEwvX](https://t.co/tbT7HIEwvX) > > — Archange Shadow (@Archange\_Shadow) [April 23, 2026](https://twitter.com/Archange_Shadow/status/2047320704031330686?ref_src=twsrc%5Etfw) ## Unauthorized Access to Customer Data Rituals revealed that hackers accessed and downloaded data belonging to members of its **My Rituals loyalty program**, which has more than **40 million users globally**. The breach was identified after the company detected unusual activity involving unauthorized data downloads. The **compromised data includes**: - **Full names** - **Email addresses** - **Phone numbers** - **Home addresses** - **Dates of birth** - **Gender** - **Preferences such as store choices and account types** The company clarified that **no passwords or payment information were accessed**, which reduces the immediate risk of financial fraud. ## Global Impact and Customer Notification The [data breach](https://sqmagazine.co.uk/data-breach-statistics/) affects customers across **Europe, the United Kingdom, and parts of the United States**. While the company has not disclosed the exact number of affected users, the scale of its membership program suggests that **millions could potentially be impacted**. Rituals stated that it has **directly informed affected customers** and advised them to remain cautious, especially regarding [potential phishing attempts](https://sqmagazine.co.uk/phishing-email-statistics/). The company told users that while no immediate action is required, staying alert is important. The company said: “ We have informed affected customers directly and have reported the incident to the relevant authorities. Rituals ## Investigation and Response Measures Rituals has confirmed that the breach has been **contained**, with unauthorized access blocked shortly after detection. The company is now conducting an **in-depth forensic investigation** to determine how the attackers gained access and to strengthen its security systems. “**We have initiated an in-depth forensic investigation to understand how this happened and what measures we can take to prevent a similar incident in the future. We have also reported it to the relevant authorities.**” So far, the company has **not disclosed the method of attack**, and no known [cybercrime](https://sqmagazine.co.uk/cybercrime-statistics/) group has claimed responsibility. It also noted that there is **no evidence yet that the stolen data has been leaked online**. ## Rising Trend of Retail Data Breaches This incident comes amid a broader wave of cyberattacks targeting retail and consumer brands. Companies with large customer databases are increasingly attractive targets due to the value of personal information, which can be used for scams, identity theft, or sold on underground markets. Similar breaches at other retailers highlight a growing pattern where attackers focus on **loyalty programs and membership databases**, which often store detailed customer profiles. ## SQ Magazine Takeaway I think this incident shows how even well established global brands are struggling to fully protect customer data. While it is reassuring that sensitive financial details were not exposed, the amount of personal information involved is still significant. For me, this is another reminder that companies must treat **data security as a top priority**, not just a compliance requirement. At the same time, users should stay cautious and avoid trusting unexpected messages, especially after such breaches.