Introduction
Estée Lauder, one of the world’s leading cosmetics companies, has confirmed that it was hit by a cyberattack that affected some of its systems and business operations. The company said it was working to understand the nature and scope of the data that was stolen by an unauthorized third party.
What happened?
According to Reuters [1], Estée Lauder became aware of the incident on Tuesday, July 18, 2023, and proactively took down some of its systems to mitigate the impact. The company also began an investigation with the assistance of leading third-party cybersecurity experts and law enforcement.
The company did not reveal further details about the extent of the breach or the impact on its operations, but said that the incident has caused, and is expected to continue to cause, disruption to parts of its business.
Who is behind the attack?
The identity and motive of the attackers are not yet known, but two different cybercrime gangs have claimed credit for the theft of 131 GB of data from Estée Lauder’s systems.
According to Computer Weekly [2], one of the groups is BlackCat, which operates a ransomware-as-a-service (RaaS) platform that allows affiliates to launch ransomware attacks and share the profits with the developers. BlackCat posted screenshots of Estée Lauder’s files on its dark web leak site, claiming that it had encrypted more than 1,000 devices and demanded a ransom for decryption.
The other group is Clop, which is known for stealing data from victims before encrypting their systems and threatening to publish or sell the data if they do not pay up. Clop also posted screenshots of Estée Lauder’s files on its leak site, claiming that it had exfiltrated 131 GB of data and demanded a ransom for not leaking it.
It is unclear how both groups managed to access Estée Lauder’s systems or whether they collaborated or competed with each other. Estée Lauder has not commented on whether it has received any ransom demands or whether it intends to pay them.
What type of attack was it?
Based on the available information, it appears that Estée Lauder was targeted by a double extortion attack, which is a type of ransomware attack that combines data encryption with data theft.
Double extortion attacks have become more common and sophisticated in recent years, as cybercriminals seek to increase their leverage and profits by exploiting the sensitive and valuable data of their victims. According to a report by Palo Alto Networks [3], double extortion attacks accounted for 81% of all ransomware incidents in 2022, up from 59% in 2021.
Double extortion attacks pose a serious threat to organizations, as they can cause significant operational disruption, reputational damage, regulatory fines, legal liabilities and customer losses. To prevent or mitigate such attacks, organizations need to implement robust cybersecurity measures, such as:
- Regularly backing up data and storing it offline or in a separate network
- Updating and patching systems and applications
- Educating employees about phishing and other social engineering techniques
- Using strong passwords and multi-factor authentication
- Deploying antivirus software and firewalls
- Monitoring network activity and detecting anomalies
- Isolating infected devices and containing the spread
- Reporting incidents and seeking professional help
What are the implications for Estée Lauder?
Estée Lauder is one of the world’s largest beauty companies, with a portfolio of more than 25 brands, including Clinique, MAC Cosmetics, Bobbi Brown, La Mer and Origins. The company operates in over 150 countries and territories, with net sales of $14.9 billion in fiscal year 2022 [4].
The cyberattack could have serious consequences for Estée Lauder’s reputation, customer trust, competitive advantage and financial performance. The company could face lawsuits from customers, employees or shareholders who may have been affected by the breach. The company could also face regulatory scrutiny and penalties from authorities under laws such as the European Union’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), which require organizations to protect personal data and notify data subjects in case of a breach.
Moreover, the cyberattack could affect Estée Lauder’s ability to compete in the global beauty market, which is expected to grow from $511 billion in 2021 to $716 billion by 2025 [5]. The company could lose market share to rivals such as L’Oréal, Coty or Shiseido, which may have stronger cybersecurity capabilities or less exposure to cyber risks.
Estée Lauder has not yet disclosed the financial impact of the cyberattack, but it is likely to incur significant costs related to recovery, remediation, investigation, litigation and compliance. The company may also experience lower sales, margins and earnings due to the operational disruption and customer attrition caused by the breach.
Conclusion
Estée Lauder is the latest victim of a double extortion attack, which is a type of ransomware attack that combines data encryption with data theft. The company confirmed that an unauthorized third party had obtained some data from its systems and that the incident had caused disruption to parts of its business operations. Two different cybercrime gangs, BlackCat and Clop, have claimed credit for the attack and demanded ransoms for decryption and non-disclosure. The attack could have serious implications for Estée Lauder’s reputation, customer trust, competitive advantage and financial performance.
1: Estee Lauder hit by cyberattack, some business operations affected
2: BlackCat and Clop gangs both claim cyber attack on Estée Lauder
3: Double Extortion Ransomware Attacks Rise Dramatically in 2022
4: The Estée Lauder Companies Reports Fiscal 2022 Full-Year Results
5: Global Cosmetics Market Size & Share | Industry Report, 2019-2025
6: Data Heist: What to Know About Estée Lauder’s Attack