Privacy & Data ProtectionLegal TechIn-House

Rituals Discloses Data Breach Impacting Millions of Customers

2 min readSources: TechCrunch

Rituals confirmed a data breach affecting up to 41 million customer membership records.

Why it matters: Legal and compliance teams must prepare for consumer data breaches like Rituals' under global privacy laws. The scale amplifies risk exposure, notification obligations, and potential regulatory scrutiny.

  • The breach involved unlawfully downloaded names, birth dates, gender, contact info, and store preferences.
  • Rituals detected the incident and blocked further access after discovery, according to a spokesperson.
  • As of now, Rituals says the leaked data has not been made public.
  • Rituals operates 1,500+ shops across 33 countries, with a €2.4 billion revenue in 2025.

Rituals, the Dutch cosmetics giant, has confirmed a data breach affecting its customer membership database of over 41 million customers. The compromised information includes full names, dates of birth, gender, postal and email addresses, phone numbers, preferred store, and account types.

  • "We have determined that some of our members’ data was downloaded unlawfully," a Rituals spokesperson stated.
  • After detection, Rituals "took measures and blocked access." The company also claims, "as far as we know, the data in question has not been made public."

While the full scope of the breach remains under review, the incident highlights the broader wave of cyberattacks hitting Dutch companies. Recent targets include Odido, ChipSoft, Booking.com, and Basic-Fit, with the Odido hack alone affecting 6.2 million people and prompting a class action lawsuit. (DutchNews)

This surge in attacks emphasizes the urgent need for robust data protection practices and diligent compliance to privacy frameworks such as the GDPR. For in-house legal and compliance professionals, the Rituals breach serves as a high-profile reminder to revisit incident response plans, regulatory notification timelines, and risk mitigation strategies.

By the numbers:

  • 41 million — potential customer records affected in Rituals' membership database
  • €2.4 billion — Rituals' reported revenue for 2025
  • 1,500+ — company shops operating in 33 countries

Yes, but: Rituals states that, to its knowledge, the compromised data has not yet been made public.

Based on reporting from

Cosmetics giant Rituals confirms data breach of customer membership records
TechCrunch · Apr 22, 2026

Sponsors

Legal.io

Legal.io is a technology company building a connected network for legal professionals. Their platform enables lawyers and legal teams to collaborate, discover opportunities, and leverage technology to improve the practice of law.

Visit website →

Related articles

In-House

Judge Blocks US Travel and Banking Sanctions on UN Palestine Expert

A federal judge has halted US travel and banking sanctions imposed on UN Palestine Special Rapporteur Francesca Albanese, citing First Amendment concerns and legal protections.

May 15, 20263 min read
In-House

USCIS Tightens Signature Rules on Immigration Filings

USCIS will reject or deny immigration filings with invalid signatures under a new DHS interim final rule effective July 10, 2026, impacting employers and applicants.

May 15, 20262 min read
Legal Tech

California Supreme Court Weighs 'Duty to Innovate' in Gilead Case

The California Supreme Court is considering if pharmaceutical firms have a legal 'duty to innovate' in the Gilead Tenofovir case—an outcome with major product liability implications.

May 15, 20262 min read
Legal TechIn-House

DOJ Accuses Yale Medical School of Racial Bias in Admissions

The DOJ accuses Yale School of Medicine of racial discrimination in admissions, alleging systemic bias against Asian and White applicants and sparking national legal debate.

May 15, 20262 min read