
Rituals Confirms European Customer Data Breach, Withholds Impact Numbers

Rituals says attackers accessed names, addresses, emails, birth dates and gender of European customers but has not disclosed how many were affected.

Peter Olaleru/3 min/GB

Cybersecurity Editor

Source: BleepingComputer

TL;DR Rituals confirmed a cyberattack that exposed personal data of some European customers, though it has not released the number of affected individuals.

Context

Rituals, headquartered in Amsterdam, operates over 1,500 stores in 33 countries and reported €2.4 billion turnover in 2025. The company recently detected unauthorized access to its systems, leading to a data exposure affecting customers across multiple European nations.

Key Facts

Attackers obtained names, physical addresses, phone numbers, email addresses, birth dates, and gender. Information linked to the MyRituals loyalty program—such as store preferences and account traits—was also taken. Rituals stated that passwords and payment card data were not compromised. The firm has not disclosed the scale of the breach, citing operational security.

What It Means

The stolen personal details are valuable for highly targeted phishing and social‑engineering campaigns, increasing the risk of credential theft and fraud. While financial data appears safe, the behavioral data enables attackers to craft convincing messages that reference recent purchases or store visits.

What Defenders Should Do

- Enable multi‑factor authentication on all customer‑facing accounts and monitor for anomalous login attempts (MITRE ATT&CK T1078).
- Review web‑application logs for signs of credential stuffing or session hijacking (T1110).
- Deploy email‑gateway rules that flag messages containing leaked personal details (T1566.002).
- Advise customers to scrutinize unexpected communications requesting additional information or containing links, and to report suspected phishing.
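
As an added illustration of the log-review step above (not from the original article or from Rituals), the following Python flags source IPs whose failed logins span many distinct accounts within a short window, the pattern that separates credential stuffing from one user mistyping a password, and lists any successful logins from a flagged IP for follow-up. The log format, thresholds and sample lines are assumptions constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (hypothetical format, documentation IP ranges).
SAMPLE_LOG = """\
2025-01-01T10:00:01Z ip=203.0.113.7 user=anna@example.com result=fail
2025-01-01T10:00:03Z ip=203.0.113.7 user=bram@example.com result=fail
2025-01-01T10:00:06Z ip=203.0.113.7 user=cees@example.com result=fail
2025-01-01T10:00:08Z ip=203.0.113.7 user=dirk@example.com result=fail
2025-01-01T10:00:11Z ip=203.0.113.7 user=erik@example.com result=ok
2025-01-01T10:00:12Z ip=203.0.113.7 user=fenna@example.com result=fail
2025-01-01T10:00:20Z ip=198.51.100.99 user=gijs@example.com result=fail
2025-01-01T10:00:21Z ip=198.51.100.99 user=gijs@example.com result=fail
"""
LINE_RE = re.compile(r"^(\S+) ip=(\S+) user=(\S+) result=(ok|fail)$")

def parse(log_text):
    """Return sorted (timestamp, ip, user, result) tuples; skip malformed lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            try:
                ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            except ValueError:
                continue
            events.append((ts, m.group(2), m.group(3).lower(), m.group(4)))
    return sorted(events)

def detect_stuffing(events, window=timedelta(minutes=5), min_users=4, min_fail_ratio=0.8):
    """Flag IPs whose failures span many distinct accounts inside one time window."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            fails = [u for _, _, u, r in evs[start:end + 1] if r == "fail"]
            if len(set(fails)) >= min_users and len(fails) / (end - start + 1) >= min_fail_ratio:
                findings[ip] = {
                    "failed_users": sorted({u for _, _, u, r in evs if r == "fail"}),
                    "successful_logins": sorted({u for _, _, u, r in evs if r == "ok"}),
                }
                break
    return findings
```

Calling `detect_stuffing(parse(SAMPLE_LOG))` flags only 203.0.113.7; the repeated failures against a single account from 198.51.100.99 do not match the many-accounts pattern and would need a separate per-account rule.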

Watch for any official update on the total number of affected records and for signs of the data appearing on underground markets.
