Connect with us

Hi, what are you looking for?


Data Breaches

Cosmetics Giant Estée Lauder Targeted by Two Ransomware Groups

Estée Lauder has confirmed suffering a data breach just as two ransomware groups claimed to have targeted the company, both allegedly stealing vast amounts of information.

Cosmetics giant Estée Lauder has disclosed a data breach just as two ransomware groups made claims about stealing vast amounts of information from the company.

In a statement issued on July 18, Estée Lauder said it suffered a cybersecurity incident. The company admitted that an unauthorized third party gained access to some of its systems and obtained data. 

The nature and scope of the compromised data is still being assessed, but the company has called in outside cybersecurity experts to assist with the investigation and has notified law enforcement. 

“During this ongoing incident, the Company is focused on remediation, including efforts to restore impacted systems and services. The incident has caused, and is expected to continue to cause, disruption to parts of the Company’s business operations,” Estée Lauder said.

Two notorious cybercrime groups claim to have targeted the company. One of them is the Cl0p ransomware gang, which claims to have stolen more than 130 gigabytes of information through the MOVEit hack, which has impacted more than 300 organizations worldwide.  

The second cybercrime group is the BlackCat/Alphv ransomware gang, which on July 18 claimed that they still had access to the company’s systems, despite Microsoft and Mandiant being called in for incident response. 

BlackCat hackers said they had not received any response from the company and threatened to reveal more information about the stolen files unless the cosmetics giant responds.

Advertisement. Scroll to continue reading.

This group clarified that their breach is separate from the MOVEit attack carried out by their ‘colleagues’ at Cl0p.

This is not the first time Estee Lauder has suffered a data breach. Back in 2020, a researcher discovered that the company had left 440 million records exposed to the internet in an unprotected database.

Related: Japan’s Nagoya Port Suspends Cargo Operations Following Ransomware Attack

Related: TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant

Related: Ransomware Gang Takes Credit for February Reddit Hack

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.