Space NK cosmetics reports data breach

Space NK has experienced a cyber attack leading to the breach of certain personal data. Space NK is a British luxury beauty retailer that offers a wide range of skincare, makeup, haircare, and fragrance products. Established in 1991, the retailer is featuring over 100 beauty brands.

The attack was reported on January 18, the company sent out an email confirming this incident following an investigation and defining the breach as "unauthorized disclosure". The breach was limited to the names and email addresses in the contact list of a single employee and did not involve customer data, personal information, or centralized databases.

The breach, was detected on January 18th when a phishing email was detected to be sent sent from an employee's account at 13:07. The employee's email address was deactivated within an hour of identifying the breach.

This description means that an employee's email account has been breached and subsequently used to send out phishing emails to their contacts. It's quite possible that the emails in the account are also compromised, although Space NK doesn't provide any details of compromised emails.

The phishing email, containing a link to a file asking for details, had no accompanying message.

Space NK has informed the Information Commissioner's Office (ICO) about the incident and is advising recipients of suspicious emails from their addresses to delete them. Those who have opened the attachment and entered their details are urged to change their passwords immediately.