Netherlands-based cosmetics company Rituals has announced a data breach impacting customers’ personal details following a hack of its membership database.
The disclosure was made on Wednesday in an email to customers, confirmed by TechCrunch.
Rituals reported detecting an “unauthorized download” in April, which exposed details like full names, birthdates, gender, postal and email addresses, phone numbers, preferred Rituals stores, and account types.
Rituals spokesperson Eline van Malssen informed TechCrunch that the breach involved European and UK members’ data. TechCrunch also found that some notified customers reside in the United States, which the spokesperson confirmed.
The company did not provide details about the breach’s nature but is investigating how it occurred.
Rituals is one of several retailers facing similar breaches recently, including UK’s Co-op and Marks & Spencer. Customer data can be lucrative for hackers threatening to release information unless paid a ransom.
When asked for further details about the breach, the company declined to comment on any hacker communications, a detailed timeline, or the number of affected members, citing “security reasons.”
According to its website, Rituals has over 41 million members. The company reported revenue of €2.4 billion ($2.8 billion) in 2025.