Rituals Confirms Data Breach of Global Membership Database
Learn More
Rituals, a Netherlands-based cosmetics company, confirmed a data breach of its customer membership records in April 2026.
The company detected an unauthorized download of data from its MyRituals database. Rituals blocked the unauthorized access and started a forensic investigation with external security firms. Attackers gained access to the membership database and stole customer information before the company could intervene.
The compromised data includes:
- Full names
- Dates of birth
- Gender
- Postal and email addresses
- Phone numbers
- Preferred Rituals store locations
- Account types
The nature of the attack and the number of affected individuals is not disclosed.
The breach was disclosed through verified customer notifications and affects individuals across Europe, the United Kingdom, and the United States.
The company notified the Dutch Data Protection Authority and is monitoring dark web leak sites for the stolen data. Rituals claims that passwords and payment information were not stored in the affected database and remain secure.
