Rituals has detected a security incident affecting its customer database

In late April 2026, Rituals disclosed a cybersecurity incident that affected part of its customer base, specifically users of its “My Rituals” loyalty program. The company detected suspicious activity on its systems that same month, which led to the discovery of an unauthorized download of personal data. The speed of detection and communication was a key factor in the initial phase of incident management.
he security breach involved unauthorized access to customers' personal data, including names, email addresses, phone numbers, dates of birth, and physical addresses. However, the company stated that sensitive data such as passwords or financial information was not compromised, which partially limits the direct impact of the incident. After detecting the intrusion, Rituals blocked unauthorized access, launched a forensic investigation to determine the exact scope of the attack, and notified both the relevant authorities and affected customers. Additionally, it advised users to exercise extreme caution regarding potential phishing attempts or fraud using the stolen information.
At this time, the incident is under investigation, and the company continues to assess its full implications while working with cybersecurity experts and regulatory agencies. So far, no widespread consequences resulting from the misuse of the leaked data have been reported, although the risk remains due to the nature of the exposed information.