Estee Lauder Hacked And Data Stolen

American cosmetic giant Estee Lauder has confirmed a “cybersecurity incident” after a hacker obtained ‘some data’ from its systems.

The firm confirmed the hack on Tuesday after it said that it had “identified a cybersecurity incident, which involves an unauthorised third party that has gained access to some of the Company’s systems.”

And Estee Lauder also confirmed that the cyber incident is causing, and expected to further cause, disruption to parts of the company’s business operations.

Cyberattack statement

Estee Lauder did not reveal how the compromise took place, what type of attack it was, the identity of the hacker, or the data that was stolen.

“After becoming aware of the incident, the Company proactively took down some of its systems and promptly began an investigation with the assistance of leading third-party cybersecurity experts,” it said.

It added that it is also coordinating with law enforcement.

“Based on the current status of the investigation, the Company believes the unauthorised party obtained some data from its systems, and the Company is working to understand the nature and scope of that data,” it said.

Estee Lauder said it is “implementing measures to secure its business operations and will continue taking additional steps as appropriate.”

“During this ongoing incident, the Company is focused on remediation, including efforts to restore impacted systems and services,” it added. “The incident has caused, and is expected to continue to cause, disruption to parts of the Company’s business operations.”

The cyberattack comes after a spree of other attacks against US-based companies, including T-Mobile US and more recently a mass hack that compromised the MOVEit tool from Progress Software, which is used by businesses to securely transfer sensitive data.

Ransomware attack?

The Estee Lauder cyberattack drew reactions from cybersecurity specialists, and Rebecca Moody, head of data research at Comparitech noted that this attack on Estee Lauder coincides with two ransomware claims.

Moody pointed to one from Cl0p (thought to be part of the MOVEit breach) and one by ALPHV/BlackCat.

“Interestingly, ALPHV mentioned Cl0p in its claim, stating that it had seen in emails that Estee Lauder had discussed Cl0p’s claims but it was unsure if anything had come from this breach,” said Moody.

“ALPHV had reiterated to Estee Lauder that it wasn’t associated with Cl0p and that this attack was separate. ALPHV also stated that it hadn’t encrypted Estee Lauder’s systems but had remained in the systems for two weeks at least.”

“Whichever attack Estee Lauder’s statement stems from, however, it does seem as though the organisation has been exploited by at least one vulnerability,” said Moody. “Estee Lauder now needs to provide updates on how it will help safeguard customers and/or employees if their information has been stolen.”

Security focus

“The recent cyber incident involving Estee Lauder serves as a stark reminder that no business is immune to the ever-evolving threat of cybercriminals,” added Erfan Shadabi, cybersecurity expert at comforte AG.

“Such breaches highlight the urgent need for organisations to prioritise robust data-centric security measures to safeguard their sensitive information,” said Shadabi. “Traditional perimeter-based security measures, while necessary, are not sufficient in an increasingly sophisticated cyber landscape.”

“Data-centric security methods, such as tokenisation and format-preserving encryption, focus on safeguarding the data itself rather than solely relying on fortified perimeters,” said Shadabi. “Businesses must acknowledge the reality that cyber threats are not a matter of ‘if’ but ‘when.’”

“Adopting data-centric security practices is no longer optional but essential for staying resilient in an ever-evolving threat landscape,” Shadabi concluded. “Protecting data at its core safeguards the business’s reputation, fosters customer loyalty, and ultimately bolsters the company’s overall cyber resiliency.”