Pure Beauty

Space NK investigates cyber security incident

Published: 19-Jan-2024

The British cosmetics retailer has confirmed a data breach, but customer details were not impacted

Space NK has been hit by a cyber attack, resulting in the “unauthorised disclosure” of personal data.

The British luxury cosmetics retailer confirmed the news via email on 18 January after conducting an investigation into the breach.

Customer data, personal information, or centralised databased were not involved in the incident. 

The company said the hack had affected the names and email addresses connected to one individual employee. 

“The breach was discovered today [18 January] and is likely to have taken place this afternoon,” said Jini Sanassy, Head of PR at Space NK, in a ‘Space NK notification of a personal data breach’ email. 

“The information has been disclosed without authorisation by an unauthorised person.

“We are still investigating the circumstances of the breach because this happened a matter of hours ago.

“We are terribly sorry for what has happened and are looking to implement any and all measures to try to prevent this from ever happening again.”

Space NK said it has contacted the Information Commissioner's Office (ICO) about the breach.

The retailer believes the root of the incident is a phishing email sent at 13:07 on 18 January from an employee's email account. 

The address was shut down within one hour of the breach. 

The scam email had no message but contained a link to an untitled file asking people to enter in their details. 

Space NK is encouraging people to delete emails that may appear as a phishing scam from any Space NK email addresses. 

Respondants who may have opened the attachment and provided details are encouraged change their password immediately.

Space NK is not the only beauty retailer that has been the victim of a cyber attack.

British cosmetics brand Lush recently launched a “comprehensive” investigation after its systems were hit

The nature and extent of the attack have not been revealed.  

Last year, Estée Lauder Companies (ELC) data was stolen after a hacker obtained information from the beauty goliath’s internal systems.

Read more:

You may also like