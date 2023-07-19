Estée Lauder Companies, the organisation behind global cosmetics brands such as Aveda, Clinique, Estée Lauder, Mac and Origins, has suffered a cyber attack that appears to have been the work of two distinct groups, namely the ALPHV/BlackCat and Clop ransomware operations.

Full details of the still-unfolding incident have yet to emerge, but in a statement, the organisation said it believed it has resulted in data exfiltration. It is currently seeking to establish the nature and scope of that data.

In a statement, the group said: “The Estée Lauder Companies Inc has identified a cyber security incident, which involves an unauthorised third party that has gained access to some of the company’s systems.

“After becoming aware of the incident, the company proactively took down some of its systems and promptly began an investigation with the assistance of leading third-party cyber security experts. The company is also coordinating with law enforcement.”

The organisation said it was currently implementing further measures to secure its operations and would take additional steps if needed. It added that it remains fully focused on remediation, including attempts to restore impacted systems, but acknowledged that the incident has and will continue to cause disruption to parts of its operations.

Meanwhile, the disclosure has attracted attention in the security community since both BlackCat and Clop have claimed responsibility.

On 18 July, Clop, the ransomware-cum-extortion operation behind the ongoing MOVEit Transfer breach, named Estée Lauder Companies on its dark web leak site, following either the failure or non-occurrence of negotiations.