Clarins data breach impacts more than 600,000 customers

On September 18, French luxury skincare group Clarins notified its customers of a data leak published by the Everest ransomware group. Clarins' data was published on the group's dark web blog, where they revealed that they had obtained data from more than 600,000 of the company's customers in the United States, France, and Canada.

Everest also claimed to have obtained two other databases containing documents and personal information from users of Clarins' online stores in different regions. The details revealed include purchase histories from different categories, such as skincare and makeup.

After the incident was made public, Clarins confirmed that some customers' contact details had been illegally downloaded by a third party, but the company said it had acted immediately to resolve the issue and that the incident was now fully under control. According to Clarins, no financial information such as bank account numbers, credit card numbers, or passwords had been compromised.

The company reported the incident to the relevant authorities and advised customers to remain vigilant against suspicious emails, calls, or text messages to avoid potential phishing or fraud attempts.