Netherlands-based cosmetics giant Rituals has confirmed a data breach affecting customers’ personal details after hackers stole reams of data from its member database.
The company disclosed the breach on Wednesday, according to an email sent to customers that TechCrunch has seen and verified.
Rituals said it detected an “unauthorized download” of member data in April that contained customers’ full name, date of birth, gender, postal and email address and phone number, as well as their preferred store type and Rituals account type.
When reached by TechCrunch, Rituals spokeswoman Eline van Malssen said the hacker stole member data about customers in Europe and the UK.
TechCrunch has learned that some customers notified by Rituals are based in the United States. The spokesperson confirmed that the incident is also affecting some customers in the US.
Rituals did not describe the nature of the cyberattack, and the company said its investigation was ongoing to understand how the data breach occurred.
The cosmetics giant is the latest retailer to have customer member data stolen in the past year, following a series of hacks at UK grocery and shopping chain Co-op and Marks & Spencer, among others. Customer records can be attractive targets for hackers who steal the data and hold the company to ransom in exchange for not publishing the information online.
When reached with questions about the incident, a Rituals spokesperson declined to comment on whether the company received any communication from the hackers, share a more precise timeline of the breach or provide the exact number of members affected, citing unspecified “security reasons.”
According to his websiteRituals has over 41 million customers in its member database. The retail giant had revenue of 2.4 billion euros ($2.8 billion) in 2025.
When you purchase through links in our articles, we may earn a small commission. This does not affect our editorial independence.
