Make-up and skincare brand Estée Lauder has been caught up in a major cyber attack, with two of the most prolific hacking groups fighting to take credit.
The company issued a statement on Tuesday (18 July) saying it had detected a cyber incident in which a third party accessed its systems. It also said that, in response, it had disabled some of its systems to secure its data and had engaged cyber security experts.
“After becoming aware of the incident, the company proactively took down some of its systems and promptly began an investigation with the assistance of leading third-party cyber security experts. The company is also coordinating with law enforcement,” it said in the statement.
“Based on the current status of the investigation, the company believes the unauthorised party obtained some data from its systems, and the company is working to understand the nature and scope of that data.”
The attack has been claimed by both the Clop and ALPHV ransomware groups, both of which have been responsible for major attacks of late, with the former behind the MOVEit supply chain attack and the latter responsible for the HWL Ebsworth cyber attack.
ALPHV made a post mocking Estée Lauder’s cyber experts, saying that despite their efforts, it has had access to the company’s systems for over two weeks.
“It seems they have been using Microsoft DART and Mandiant services for the last two weeks. Somehow we are still on the network despite these ‘experts’ working very hard,” ALPHV said.
The threat group added that it had not encrypted the make-up brand’s site and would wait before revealing how it accessed and stole the data. It did, however, claim that it had stolen over 131 gigabytes of data from Estée Lauder.
While Clop didn’t explicitly state it was responsible for the attack, it posted the single sentence it usually posts when it lists a victim on its leak site.
“The company doesn’t care about its customers, it ignored their security!!!,” it said.
Estée Lauder has said that following the attack, it will be implementing additional measures to ensure its data security and will focus on restoring affected systems.
“The company is implementing measures to secure its business operations and will continue taking additional steps as appropriate,” it said.
“During this ongoing incident, the company is focused on remediation, including efforts to restore impacted systems and services.
“The incident has caused, and is expected to continue to cause, disruption to parts of the company’s business operations.”