Hackers have stolen personal information from customers of Amsterdam-based cosmetics chain Rituals, in the latest major data breach at a firm operating in the Netherlands.
The stolen data includes full names, addresses, phone numbers, email addresses, dates of birth and gender, Rituals said in an email sent to affected customers. Information about account types and preferred stores may also have been taken, tech site TechRadar reported.
Rituals, which runs a membership programme called MyRituals, said no passwords or payment details were accessed. The breach has been reported to the privacy watchdog AP.
The firm has declined to say how many customers are affected. “For security reasons, we are not currently making any statements about the numbers of members involved,” it told broadcaster Hart van Nederland. Customers in several European countries have received notifications, suggesting the breach extends beyond the Netherlands.
Phishing warning
Rituals says it has no evidence the stolen data has been published online, but is working with external specialists to monitor for any appearance on the dark web.
Customers have been told to watch for phishing messages, since criminals can use real names, birth dates and addresses to make fraudulent emails look convincing.
Rituals was founded in Amsterdam in 2000 and operates more than 1,500 shops across 33 countries, with turnover of €2.4 billion reported for 2025. The company has had recurring trouble with scammers impersonating the brand in “birthday gift” emails over the past year, although it has said those incidents are unrelated to this breach.
Fourth major breach in three months
In February, telecoms firm Odido confirmed a hack affecting 6.2 million current and former customers. The stolen data was later dumped on the dark web after the company refused to pay a €1 million ransom, and a mass claim against Odido was launched this week.
Earlier this month, Booking.com warned customers that reservation data had been accessed, and the fitness chain Basic-Fit said hackers had stolen details of around 200,000 Dutch members and up to one million across Europe.
Thank you for donating to DutchNews.nl.
We could not provide the Dutch News service, and keep it free of charge, without the generous support of our readers. Your donations allow us to report on issues you tell us matter, and provide you with a summary of the most important Dutch news each day.
Make a donation
