The UK branch of cosmetics giant Shiseido has reportedly fallen victim to a data breach involving personal details belonging to “hundreds” of former and current employees.
The Japanese company has been accused of failing to notify the affected staff that their data, including address information, passport and ID images, and bank details, had been stolen.
Several employees have reported being victims of fraud, with their personal data being used to open fraudulent businesses as well as take out bank loans and insurance, according to testimonies obtained by beauty industry watchdog Estee Laundry.
Shiseido’s management and HR department had reportedly “denied responsibility, refusing to contact ex-employees to alert them”.
“We have had to contact ex-colleagues and staff ourselves,” one anonymous source told Estee Laundry, adding that the company’s HR and legal teams “refused to offer any help”.
This has resulted in some victims of the breach being forced to take on the scammers themselves as well as cover the expenses of having their names cleared. After discovering in March that their personal information had been used to open a fraudulent business, another anonymous employee was forced to “pay court fees to get [themselves] removed from the company”.
Another former employee said that they had “spent over a month deleting and deactivating accounts” while not knowing how scammers managed to obtain the personal data.
RELATED RESOURCE
Oracle’s modern data platform strategy
Freedom from manual data management
FREE DOWNLOAD
In both cases, the victims were ultimately notified about the data breach by former Shiseido colleagues. The incident is said to be limited to Shiseido’s UK branch.
Shiseido wasn’t immediately available to comment on the allegations. If confirmed, this would be the second mass data breach involving the cosmetics company in six years, following a 2016 case that saw the personal details of 420,000 customers leaked. The data obtained by the hackers included credit card information belonging to 56,000 users who had made purchases through Shiseido’s online store over a time period close to five years, between 14 December 2011 and 4 November 2016.
Shiseido is known to use single sign-on (SSO) authentication provided by CyberArk Identity for its 30,000 employees worldwide.
-
M&S suspends online sales as 'cyber incident' continuesNews Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
-
Manners cost nothing, unless you’re using ChatGPTOpinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
-
The business value of Zscaler Data ProtectionWhitepaper Understand how this tool minimizes the risks related to data loss and other security events
-
Top data security trendsWhitepaper Must-have tools for your data security toolkit
-
Three essential requirements for flawless data protectionWhitepaper Want a better CASB and stronger DLP? You have to start with the right foundation
-
C-suites consider quantum a serious threat and "amazing" deepfake attacks are just 'months away'News Deepfake technology has matured at a rapid rate, and video scams are likely to be a on par with the more convincing voice-only campaigns very soon, one expert says
-
The gratitude gapWhitepaper 2023 State of Recognition
-
The top five risks of perimeter firewallsWhitepaper ...and the one way to overcome them all
-
Redefining modern enterprise storage for mission-critical workloadsWhitepaper Evolving technology to meet the mission-critical needs of the most demanding IT environments
-
The business value of storage solutions from Dell TechnologiesWhitepaper Streamline your IT infrastructure while meeting the demands of digital transformation
