IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Shiseido reportedly suffers data breach

The Japanese cosmetics company has been accused of failing to notify affected staff of the leak

Shoppers walk past Japanese multinational personal care company Shiseido store seen in Hong Kong

The UK branch of cosmetics giant Shiseido has reportedly fallen victim to a data breach involving personal details belonging to “hundreds” of former and current employees.

The Japanese company has been accused of failing to notify the affected staff that their data, including address information, passport and ID images, and bank details, had been stolen.

Several employees have reported being victims of fraud, with their personal data being used to open fraudulent businesses as well as take out bank loans and insurance, according to testimonies obtained by beauty industry watchdog Estee Laundry.

Shiseido’s management and HR department had reportedly “denied responsibility, refusing to contact ex-employees to alert them”.

“We have had to contact ex-colleagues and staff ourselves,” one anonymous source told Estee Laundry, adding that the company’s HR and legal teams “refused to offer any help”.

This has resulted in some victims of the breach being forced to take on the scammers themselves as well as cover the expenses of having their names cleared. After discovering in March that their personal information had been used to open a fraudulent business, another anonymous employee was forced to “pay court fees to get [themselves] removed from the company”. 

Another former employee said that they had “spent over a month deleting and deactivating accounts” while not knowing how scammers managed to obtain the personal data.

Related Resource

Oracle’s modern data platform strategy

Freedom from manual data management

Oracle’s Modern Data Platform StrategyDownload now

In both cases, the victims were ultimately notified about the data breach by former Shiseido colleagues. The incident is said to be limited to Shiseido’s UK branch.

Shiseido wasn’t immediately available to comment on the allegations. If confirmed, this would be the second mass data breach involving the cosmetics company in six years, following a 2016 case that saw the personal details of 420,000 customers leaked. The data obtained by the hackers included credit card information belonging to 56,000 users who had made purchases through Shiseido’s online store over a time period close to five years, between 14 December 2011 and 4 November 2016. 

Shiseido is known to use single sign-on (SSO) authentication provided by CyberArk Identity for its 30,000 employees worldwide.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Mastering endpoint security implementation
Security

Mastering endpoint security implementation

18 May 2022
The Total Economic Impact™ of Apple Mac in Enterprise: M1 update
Whitepaper

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022
Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022
Dell Technologies World 2022: Dell unveils security offerings for major cloud providers
public cloud

Dell Technologies World 2022: Dell unveils security offerings for major cloud providers

3 May 2022

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Preparing for the 3G sunset
Network & Internet

Preparing for the 3G sunset

18 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022