Estee Lauder appears to be the victim of two ransomware gangs.
ALPHV/BlackCat and Clop have recently listed the popular cosmetics maker on their data sites as a victim of attacks they reportedly perpetrated on July 19.
Estee Lauder is still investigating the data breach it suffered and has been coordinating with law enforcement; it is taking additional steps where it's appropriate to secure its business operations further.
Estee Lauder Data Breach Perpetrators
Estee Lauder is not doing well. Apart from the weaker sales and profit it is expecting to see in 2023, the cybersecurity incident it suffered on July 19 made them lose some of its data. While the company didn't say what kind of data it lost, one of the attackers may have revealed what it was.
According to a report from Bleeping Computer, the Clop ransomware gang not only listed Estee Lauder on its data leak site as one of its victims, but it also said that it stole more than 131GB of its data on July 19.
Clop ransomware, a variant of the CryptoMix ransomware family, per Trend Micro, mentioned in its data leak site that Estee Lauder doesn't care about its customers due to how much it ignored its cybersecurity. The gang's statement could hint that the data they stole, meaning that customers might have to stay alert for anything weird happening to them and their Estee Lauder account.
The ransomware gang managed to breach Estee Lauder's cybersecurity by exploiting a vulnerability in the MOVEit Transfer platform for secure file transfers.
Another ransomware gang, BlackCat, also added Estee Lauder to its list of victims on its data leak site. It had already sent extortion messages to the company, promising to reveal more details about the data it stole from the company on July 19 if the company doesn't engage in negotiations with it.
Despite BlackCat's threats and revelation that it did not encrypt any of the company systems, Estee Lauder did not respond to the ransomware gang's demands for negotiations, indicating its stance that it will not engage in any deal-making with it.
The company has already filed the incident with the Securities and Exchange Commission, informing it of its focus on remediation, including "efforts to restore impacted systems and services" and that the data breach has caused and is expected to continue to cause disruption to parts of its business operations.
Estee Lauder has yet to give an update regarding its investigation into the data breach.
A Brief Timeline of Estee Lauder's Data Breach Incident
Estee Lauder mentioned in its July 19 statement that it identified a cybersecurity incident involving an unauthorized third party gaining access to some of its systems sometime on July 18.
Based on the findings of the company's and cybersecurity experts' investigations as of press time, the hacker managed to obtain some data from its systems, though Estee Lauder didn't specify what kind of data the hacker managed to acquire. The company said it is working to understand "the nature and scope of that data."
The data breach came to Estee Lauder at a bad time. According to a Reuters report, the company predicted in May that it would see weaker sales and profit in 2023 than previously estimated due to slow recovery at duty-free and travel destinations, especially in Asia.
Related Article : Estee Lauder Reports Data Breach - Are Customers' Information Safe?