Estee Lauder
Image: Marek Studzinski via Unsplash

BlackCat, Clop claim ransomware attack on cosmetics maker Estée Lauder

U.S. cosmetics manufacturer Estée Lauder has suffered a cyberattack, the company confirmed on Tuesday.

According to a company statement, hackers gained unauthorized access to its systems and stole some data.

Estée Lauder, the owner of the brands Clinique, MAC and Dr. Jart+, shut down some of its systems to mitigate the incident and launched an investigation in cooperation with law enforcement and cybersecurity experts.

“The incident has caused and is expected to continue to cause disruption to parts of the company’s business operations,” its statement said. The nature and the scope of the attack are yet to be determined.

Two ransomware groups, Clop and ALPHV, also known as BlackCat, listed Estée Lauder as a victim.

The BlackCat hackers claimed to have successfully stolen more than 130 gigabytes of the company's data, but did not encrypt the network. They also claimed to have operated independently from Clop, who may have exploited vulnerabilities in the MOVEit file transfer software to target the company.

This incident comes at a difficult time for Estée Lauder as it has forecast a drop in sales and profits for this year, blaming a slow recovery from the COVID-19 pandemic in duty-free and travel destinations.

Estée Lauder’s products are sold in approximately 150 countries. It is one of the world’s largest manufacturers of skincare, makeup, fragrance, and hair care cosmetics.

The company did not respond to a request for comment.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Daryna Antoniuk

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.