Rituals has confirmed a data breach that exposed personal information from its global customer membership database.
Quick Summary – TLDR:
- Rituals confirmed a cyberattack involving unauthorized access to its membership database.
- Personal data like names, emails, and addresses were stolen, but no passwords or payment details were exposed.
- The breach affects My Rituals loyalty members across multiple regions, including Europe, the UK, and the US.
- The company has contained the incident and launched a forensic investigation.
What Happened?
Rituals disclosed that attackers gained unauthorized access to its My Rituals membership database earlier this month. The breach involved the download of customer data, prompting the company to notify authorities and begin an internal investigation.
🚨 BREAKING: Dutch cosmetics giant Rituals confirms data breach affecting MyRituals members across Europe and the UK. Names, addresses, dates of birth stolen—but no passwords or payment details compromised. #BreakingNews #DataBreach #Rituals #CyberSecurity
— Archange Shadow (@Archange_Shadow) April 23, 2026
Unauthorized Access to Customer Data
Rituals revealed that hackers accessed and downloaded data belonging to members of its My Rituals loyalty program, which has more than 40 million users globally. The breach was identified after the company detected unusual activity involving unauthorized data downloads.
The compromised data includes:
- Full names
- Email addresses
- Phone numbers
- Home addresses
- Dates of birth
- Gender
- Preferences such as store choices and account types
The company clarified that no passwords or payment information were accessed, which reduces the immediate risk of financial fraud.
Global Impact and Customer Notification
The data breach affects customers across Europe, the United Kingdom, and parts of the United States. While the company has not disclosed the exact number of affected users, the scale of its membership program suggests that millions could potentially be impacted.
Rituals stated that it has directly informed affected customers and advised them to remain cautious, especially regarding potential phishing attempts. The company told users that while no immediate action is required, staying alert is important.
Investigation and Response Measures
Rituals has confirmed that the breach has been contained, with unauthorized access blocked shortly after detection. The company is now conducting an in-depth forensic investigation to determine how the attackers gained access and to strengthen its security systems.
The company said:
“We have initiated an in-depth forensic investigation to understand how this happened and what measures we can take to prevent a similar incident in the future. We have also reported it to the relevant authorities.”
So far, the company has not disclosed the method of attack, and no known cybercrime group has claimed responsibility. It also noted that there is no evidence yet that the stolen data has been leaked online.
Rising Trend of Retail Data Breaches
This incident comes amid a broader wave of cyberattacks targeting retail and consumer brands. Companies with large customer databases are increasingly attractive targets due to the value of personal information, which can be used for scams, identity theft, or sold on underground markets.
Similar breaches at other retailers highlight a growing pattern where attackers focus on loyalty programs and membership databases, which often store detailed customer profiles.
SQ Magazine Takeaway
I think this incident shows how even well-established global brands are struggling to fully protect customer data. While it is reassuring that sensitive financial details were not exposed, the amount of personal information involved is still significant. For me, this is another reminder that companies must treat data security as a top priority, not just a compliance requirement. At the same time, users should stay cautious and avoid trusting unexpected messages, especially after such breaches.