Business & MarketsCompanies

Cosmetics Giant Estee Lauder Hacked, Disrupting Business Operations

Save
Cosmetics Giant Estee Lauder Hacked, Disrupting Business Operations
Guests attend Estee Lauder Spokesmodel Gwyneth Paltrow's introduction of the new ''pleasures delight'' fragrance at the Macy's on State Street in Chicago, Illinois, on Aug. 17, 2007. (Tasos Katopodis/Getty Images for Estee Lauder)
Katabella Roberts
7/19/2023
Updated:
7/19/2023
0:00

A hacker was able to gain access to cosmetics company Estee Lauder’s internal system, prompting the makeup and beauty giant to launch an investigation into the incident, it announced on July 18.

In a statement, the New York-headquartered company said it had identified the cybersecurity incident, which involved an “unauthorized third party that has gained access to some of the company’s systems,” but did not state the date on which the incident occurred or was first discovered.

“After becoming aware of the incident, the company proactively took down some of its systems and promptly began an investigation with the assistance of leading third-party cybersecurity experts,” the firm said, without naming the experts.

“The company is also coordinating with law enforcement,” it continued. “Based on the current status of the investigation, the company believes the unauthorized party obtained some data from its systems, and the company is working to understand the nature and scope of that data.”

Estee Lauder, which also owns a string of cosmetics brands including Bobbi Brown, Clinique, La Mer, and Tom Ford Beauty did not identify the hacker behind the incident.

However, the cosmetics giant said it is implementing a number of measures to bolster the security of its business operations and will “continue taking additional steps as appropriate.”

“During this ongoing incident, the company is focused on remediation, including efforts to restore impacted systems and services,” it said.

More Data Breaches Across US

The cybersecurity incident has caused disruption to parts of the company’s business operations, Estee Lauder said, without providing further details.

Further ongoing disruptions are also expected owing to the incident, it said.

The Epoch Times has contacted Estee Lauder for further comment.

VP General Manager, North America Estee Lauder Companies and La Mer Kendal Ascher and Nina Garcia attend La Mer x Nina Garcia Regenerating Serum Dinner at The Times Square EDITION in New York City on Sept. 12, 2019. (Bryan Bedder/Getty Images for La Mer)
VP General Manager, North America Estee Lauder Companies and La Mer Kendal Ascher and Nina Garcia attend La Mer x Nina Garcia Regenerating Serum Dinner at The Times Square EDITION in New York City on Sept. 12, 2019. (Bryan Bedder/Getty Images for La Mer)

The cybersecurity incident involving Estee Lauder’s internal system is the latest in a string of data breaches that have impacted American businesses, schools, and even the government in recent months.

A cyberattack on Iowa’s largest school district in January led to classes being canceled for 30,000 students for days as officials worked to protect data and restore the computer system.
In that same month, wireless carrier T-Mobile confirmed hackers had breached its network in late November and stole data on 37 million customers.
The breach was shut down on the same day it was discovered, the company said, however that incident marked the eighth such cybersecurity incident at T-Mobile since 2018, according to TechCrunch.

Biden Unveils Cybersecurity Plan

In February, the social media site Reddit reported a hacking incident allegedly carried out by the ALPHV Russian ransomware group which was able to gain access to sensitive information after an employee fell victim to a phishing attack.
In May, a Chinese hacking group called Storm-0558 used fake credentials to break into U.S. government networks, gaining access to the email accounts of 25 organizations, including government agencies.

However, no sensitive information was stolen during that attack, according to officials with the Cybersecurity and Infrastructure Security Agency.

In June, Microsoft revealed that serious service disruptions to its office suite—including the Outlook email and OneDrive file-sharing apps—and cloud computing platform were owing to a hacking group as part of denial-of-service attacks.
A string of other hacking incidents have occurred this year at The Philadelphia Inquirer, the Housing Authority of the City of Los Angeles, Oregon’s Department of Motor Vehicles, and HCA Healthcare, one of the largest companies in the United States, as well as the dental insurer Managed Care of North America—one of the largest dental health insurers in the United States.

Last week, the White House unveiled its 69-step National Cybersecurity Strategy Implementation Plan aimed at combating cybercrime and preparing for hacking incidents as part of President Joe Biden’s push to strengthen cybersecurity across the nation.

The plan calls for large public and private sector entities to assume a “greater share of the burden for mitigating cyber risks” and increases incentives to boost investment in long-term cybersecurity measures.