Rituals Cosmetics Confirms Massive Breach — 41 Million Customer Records Exposed

What Happened

Netherlands-based cosmetics giant Rituals has confirmed a significant data breach after hackers compromised its membership database. The breach potentially affects 41 million customers worldwide — making it one of the largest retail data breaches of 2026 so far.

Exposed data includes names, dates of birth, gender, physical addresses, phone numbers, preferred store locations, and account types. While payment card data has not been confirmed as compromised, the breadth of PII exposed creates a massive surface for targeted phishing, identity fraud, and social engineering attacks.

Why It Matters

41 million records from a single retailer is staggering. Rituals operates in dozens of countries, which means this breach triggers compliance obligations under GDPR, various national privacy laws, and potentially sector-specific regulations. The exposed data is a perfect kit for targeted social engineering — attackers who know your name, birthday, address, and favorite store can craft extremely convincing phishing campaigns.

For consumers: if you’ve ever had a Rituals account, assume your data is out there. Change passwords, watch for suspicious communications, and consider a credit freeze if you used the same credentials elsewhere.