Pure Beauty

Estée Lauder data stolen in cyberattack

By Alessandro Carrara | Published: 19-Jul-2023

The full scope of the attack’s damage is yet to be determined by ELC, but it has brought on cybersecurity experts to assist with its investigation

Estée Lauder Companies (ELC) has been hit by a cyber attack after a hacker obtained data from the beauty goliath’s internal systems.

The owner of MAC and Tom Ford was forced to shut down portions of its network following the hack to protect further information from being stolen.

Parts of the company’s business operations have been disrupted as a result, which ELC anticipates will continue while it recovers from the attack.

The conglomerate has not specified which parts of its operations have been impacted.

“The company is implementing measures to secure its business operations and will continue taking additional steps as appropriate,” said ELC in a statement.

“During this ongoing incident, the company is focused on remediation, including efforts to restore impacted systems and services.”

ELC said the full scope of the damage is yet to be determined, but it has brought on cybersecurity experts to assist with its investigation.

The company is also coordinating with law enforcement groups.

“During this period, we thank our employees for their resiliency,” ELC added.

“Together, we remain focused on our business, consumers and other stakeholders.”

It comes after Boots was struck by a cyber attack on 7 June 2023 by Russian cyber-criminal gang Clop.

The UK health and beauty retailer was among thousands of firms whose employee data was compromised, including names, addresses, bank details and national insurance numbers.

Zellis, a third-party payroll provider used by the organisations affected, was the target of the cyber attack.

Hackers are said to have exploited a backdoor in MOVEit, the software used by Zellis to transfer files.

Clop then issued an ultimatum to the affected organisations to email them before 14 June or they would publish the stolen data.

The statement by the group, which was published by the BBC, read: "This is announcement to educate companies who use Progress MOVEit product that chance is that we download a lot of your data as part of exceptional exploit.” 

Read more:

Business advice: How to respond to a cyber attack incident

You may also like