Estee Lauder Breached by Two Ransomware Groups

Written by

Estee Lauder has become the latest big name to suffer an apparently serious ransomware breach, after two groups claimed to have compromised the firm.

The cosmetics giant was posted to the leak site of both the Alphv/BlackCat and Clop ransomware gangs, according to security researchers on Twitter. Researcher Dominic Alvieri was just one of many citing the news.

Read more on ransomware: Clop Starts MOVEit Extortion as New Bug is Discovered.

The posts appear to have gone live on Tuesday July 18.

New York-headquartered Estee Lauder – which counts brands such as DKNY, Jo Malone, Tommy Hilfiger and Aveda among its portfolio – published a brief statement on the same day.

It said an unauthorized third party had gained access to some of its systems.

“After becoming aware of the incident, the company proactively took down some of its systems and promptly began an investigation with the assistance of leading third-party cybersecurity experts,” the statement continued.

“The company is also coordinating with law enforcement. Based on the current status of the investigation, the company believes the unauthorized party obtained some data from its systems, and the company is working to understand the nature and scope of that data.”

Estee Lauder said it was focused on remediation in the meantime, and warned that the incident would cause disruption to its business. A similar statement was filed with the Securities and Exchange Commission (SEC) regulator.

It remains to be seen whether either of the threat groups deployed ransomware to the company’s network, or if they focused on data theft-based extortion.

One screenshot posted to Twitter claims the Clop group has 131GB of data.

Clop famously was behind the MOVEit campaign which resulted in data theft and extortion of countless organizations using the popular file transfer software. It has yet to be confirmed whether its compromise of Estee Lauder data came from that supply chain attack.

“While we don’t know the full details yet, this is yet another example of a cyber-attack causing widespread disruption across a business’ operations,” argued CyberSmart CEO, Jamie Akhtar.

“Given the nature of the breach, it’s entirely possible that like so many recent stories, this could have originated in Estee Lauder’s supply chain.”

Image credit: salarko /

What’s hot on Infosecurity Magazine?