Current Issue cover

Estée Lauder's Cybersecurity Blunder Makes 440M Records Accessible

Contact Author
Fill out my online form.

More than 440 million of Estée Lauder's records were temporarily made publicly available but did not feature consumer data.

Estée Lauder experienced a cybersecurity setback when security researcher Jeremiah Fowler discovered a non-password protected database of more than 440 million records was publicly exposed, according to an article on Cyber Security Hub.

Previously: Estée Lauder Q2 2020 Sales Increase by 15%

The same day it received a responsible disclosure notice, Estée Lauder restricted public access to the database. The email addresses in the database were not consumer emails, but assumed to be part of business to business activities, according to the article.

The company issued the following statement:

On 30 January, 2020, we were made aware that a limited number of non-consumer email addresses from an education platform were temporarily accessible via the internet. This education platform was not consumer facing, nor did it contain consumer data. We have found no evidence of unauthorized use of the temporarily accessible data. The Estée Lauder Companies takes data privacy and security very seriously. As soon as we became aware, we took immediate action to secure the data and notify appropriate parties.