The Estée Lauder Companies has identified a cybersecurity incident, which involves an unauthorised third party that has gained access to some of its systems. After becoming aware of the incident, the company proactively took down some of its systems and promptly began an investigation with the assistance of leading third-party cybersecurity experts. The company is also coordinating with law enforcement. Based on the current status of the investigation, the company believes the unauthorised party obtained some data from its systems and is working to understand the nature and scope of that data.
The company is implementing measures to secure its business operations and will continue taking additional steps as appropriate. During this ongoing incident, it is focused on remediation, including efforts to restore impacted systems and services. The incident has caused, and is expected to continue to cause, disruption to parts of the company’s business operations.
Chris Hauk, Consumer Privacy Advocate at Pixel Privacy, commented on the news: “While this cyberattack was likely facilitated by security issues on Estee Lauder’s end, or through phishing attacks against the company’s workers and executive, the company needs to be open about its findings and as to how its customers are affected by the attack. The company also needs to plug any security holes it discovers, keeping its systems and software updated to patch security issues.”