Estee Lauder Cyber Attack Causes Operational Disruption


Share this content


An Estee Lauder cyber attack has been confirmed, with reports suggesting some of its business operations are facing disruption after the major cosmetics maker was hit by hackers.

The company confirmed that a hacker had obtained data from its systems.

The MAC Cosmetics brand was actively engaged in the process of restoring the impacted systems and had set in motion a series of precautionary steps to bolster the security of its operations.

This included the strategic decision to temporarily deactivate certain systems as a countermeasure against the incident, as expressed by the company via an official statement.

Estee Lauder, the parent company of renowned cosmetics labels including Bobbi Brown and Tom Ford Beauty, decided against revealing any further details concerning the impact on its operations as a result of the cyber attack.

Nevertheless, the company stated that it was actively investigating the matter to ascertain the true nature of the cyber attack and the scale of the data breach.

Cyber Attack Impacts Systems & Services

In an official statement, Estée Lauder confirmed that it “proactively took down some of its systems and promptly began an investigation” after becoming aware of the cyber-attack.

The MAC Cosmetics owner is working with leading third party cybersecurity experts.

“The company is implementing measures to secure its business operations and will continue taking additional steps as appropriate.” the statement added.

“During this ongoing incident, the company is focused on remediation, including efforts to restore impacted systems and services.”

“The incident has caused, and is expected to continue to cause, disruption to parts of the company’s business operations.”

Who Carried Out the Estee Lauder Cyber Attack?

IT Professional Hacked
Many multinational corporations are hacked every year. Image source: Shutterstock

Both BlackCat and Clop have claimed responsibility for the Estee Lauder cyber attack, which as a result has attracted a great deal of attention within the security community.

No information regarding the method it used to gain entry into the target systems has been released to the public.

In a statement, a BlackCat representative wrote:

“Estée Lauder, under the control of a family of billionaire heirs. Oh, what these eyes have seen. We will not say much for now, except that we have not encrypted their networks. Draw your own conclusions for now. Maybe their data was worth a lot more.”

“And another note to the public, ELC been attacked [sic] by our colleagues at Cl0p regarding the MOVEit vulnerability attacks. We are not sure if anything came of this, but we only knew because they mentioned it in their emails.”

“We have reiterated to ELC that we are not associated with them and that this is completely separate.”

On July 18th, the group responsible for the ongoing MOVEit Transfer breach, known as Clop, posted Estée Lauder Companies on its dark web leak site.

This came after ransomware negotiations either fell through or didn’t occur as expected.

The prolific gang has also recently claimed responsibility for infiltrating other entities, including Barts NHS Trust and digital storage provider WD (Western Digital).

Researcher Dominic Alvieri reported that among these victims were American Airlines and the UK communications regulator Ofcom.

It’s worth noting that Ofcom had already revealed its involvement in the MOVEit incident.

It’s still unclear whether Estée Lauder Companies directly used Progress Software’s MOVEit Transfer file transfer tool, which Clop exploited with a zero-day attack nearly two months ago.

Alternatively, like numerous others, the company might have been compromised through a third-party supplier.

Attack Comes During Difficult Financial Times

This incident couldn’t have happened at a more crucial time for the cosmetics giant.

Back in May, they had already predicted that sales and profits for the year would be weaker than originally expected.

They pointed the finger at the sluggish recovery in duty-free shops and travel hotspots, especially in Asia.

Receive the latest breaking news straight to your inbox