Sephora discovers online data breach, New Zealand customers could be affected

Multinational beauty retailer Sephora has admitted to a security breach of its online users' data, affecting customers from New Zealand, Australia, Hong Kong SAR and Southeast Asia.

On Monday the popular makeup retailer issued a notice to its online customers located in Southeast Asia, claiming the data breach was discovered over the last two weeks.

Sephora claims some personal information may have been exposed to unauthorised third parties. The leaked data is said to possibly include customers' first and last names, date of birth, gender, email, encrypted password and data related to beauty preferences.

"Please be reassured that no credit card information was accessed, and we have no reason to believe that any personal data has been misused," Sephora wrote to its online customers.

Sephora say they have taken precautionary action by cancelling all existing passwords for customer accounts and have reviewed their security systems. 

"We are also offering a personal data monitoring service, at no cost to you, through a leading third-party provider," Sephora attempts to reassure its customer base.

It has been recommended for online customers to change their password and register for the aforementioned data monitoring service.

The French brand was founded in 1970 and now features close to 300 brands alongside its own eponymous label, selling cosmetics, skincare, fragrance, beauty tools, personal care products and haircare.

Sephora's first New Zealand store had its grand opening in Auckland's CBD on Saturday, 20 July.