25 Oct Popular Makeup Brand Exposes Private Data of 2 Million Customers
Kromtech Security recently discovered that Tarte Cosmetics, a brand carried by major retailers such as Sephora and Ulta, compromised the personal information of around 2 million of their customers.
The information, which included names, emails, shipping addresses, and partial credit card numbers, were left in an unsecured databases which was publicly viewable. The security researchers also found a warning note left by ransomware group CRU3LTY who demanded 0.2 bitcoins for the recovery of the database.
Tarte VP of e-commerce & IT James Novara issued a statement assuring their customers that they are actively investigating the issue and will keep all involved parties informed.