:

RITUALS CONFIRMS DATA BREACH OF CUSTOMER RECORDS

SECURITY DESK1 MIN READ
WED, APR 22, 2026

■ AI-SUMMARIZED FROM 2 SOURCES ▸ TIMELINE

Cosmetics retailer Rituals has confirmed a data breach affecting its customer membership database. The company, which maintains records for 41 million customers, has not disclosed the exact number of individuals impacted.

Rituals disclosed the security incident involving its membership data, though specifics remain limited. The company declined to provide an accurate total of affected customers, citing ongoing investigation into the breach. With 41 million customer records in its membership system, the potential scale of exposure is significant. The retailer has not detailed what information was accessed, whether it includes personal details, purchase history, or payment data. The cosmetics giant has not announced specific remediation steps or notification timelines for affected customers. Security experts typically expect breached companies to offer credit monitoring and identity theft protection services. Rituals operates across multiple markets with a substantial customer base. This incident adds to a growing list of retail data breaches in recent years, highlighting ongoing security challenges in the e-commerce sector.

■ SOURCES

Bleeping ComputerTechCrunch

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Partnered Health, one of Australia's largest healthcare providers, has disclosed a cyber-attack affecting 21 clinics across Sydney, Melbourne, and Canberra. Personal information and medical records were compromised in the breach.

1H AGOSecurity Desk

Security firm Intruder has developed an AI-powered system that automatically identifies previously unknown software vulnerabilities by combining code analysis with large language models. The tool already discovered and exploited a WordPress plugin zero-day.

1H AGOAI Desk

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

6H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

6H AGOSecurity Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.