French cosmetics company Clarins has been hit by a data security incident which “may involve” Singapore customers’ personal information, it said on Jan 11.
The company said in a statement on its website that the incident was due to a critical vulnerability in a widely used software known as Log4j. Log4j, which is an open-source software used to support activity-logging in many Java-based applications, was used to manage Clarins’ database containing personal data of its Singapore customers. Clarins became aware of the security breach when a staff member could not access its database.
The data accessed may have included customers’ personal information such as name, address, email, phone number and Clarins loyalty programme status, it added. Based on its “investigations to-date”, the data did not include any password, credit card or payment information as the server accessed “did not include such information”, said Clarins.
