Rituals disclosed a breach where hackers accessed and downloaded some My Rituals members’ data, including names and addresses.Luxury cosmetics giant Rituals disclosed a data breach impacting My Rituals members after attackers gained unauthorized access to its systems and downloaded part of the database. The security breach occurred earlier this month, and the company is now notifying affected users.“We have identified an unauthorised download of part of our members’ data. As soon as we were alerted to this incident, we acted promptly to resolve it. We can confirm that no passwords or payment information were accessed.” reads the statement published by the company.Upon discovering the incident, the company quickly took measures and stopped the unauthorised download. “We have initiated an in-depth forensic investigation to understand how this happened and what measures we can take to prevent a similar incident in the future. We have also reported it to the relevant authorities. ” continues the report.My Rituals confirmed that it has contained the intrusion, however, attackers gained access to the personal data of impacted users, including full name, email address, phone number, date of birth, gender, home address. The luxury cosmetics firm pointed out that passwords or payment information were compromised. The company is not aware of the public availability of the stolen data, but warns users to stay alert for phishing messages.At this time, it is unclear how many users were impacted and is the company was victim of a ransomware attack. At this time, no known ransomware or extortion group claimed responsibility for the security breach.Rituals is a premium lifestyle brand offering bath, body, and home products inspired by Eastern traditions. It has seen strong growth in recent years, with annual revenues exceeding €1 billion, driven by global retail expansion and e-commerce. Its portfolio includes skincare, fragrances, and wellness items.Follow me on Twitter: @securityaffairs and Facebook and MastodonPierluigi Paganini(SecurityAffairs – hacking, data breach)