October 2, 2023

Estée Lauder, a cosmetics conglomerate, has been listed on the data leak sites of the BlackCat and Clop groups.

The Estée Lauder Companies verified one of the attacks, stating that the threat actor had gained access to some of its systems and may have stolen data.

The company has proactively pulled down several services to stop intruders from extending their reach on the network, although it did not go into great detail about the incident.


The cosmetics brand has declared that investigations are ongoing with support from leading third-party cybersecurity experts.

It appears that the Clop ransomware gang gained access to the company after exploiting a vulnerability in the MOVEit Transfer platform for secure file transfers and stole 131GB of data.

The company was also included in BlackCat’s list of victims, but the listing is accompanied by a note expressing the threat actor’s displeasure with Estée Lauder for refusing to respond to their extortion emails.

The note claims that although Estée Lauder had hired security specialists, Microsoft’s Detection and Response Team (DART) and Mandiant, to look into the matter, the network remained infiltrated and the threat actor still had access.


The threat group also said that it did not encrypt any of the company’s systems, adding that unless the beauty company engages in negotiations it will reveal more details about the stolen data. BlackCat hinted that the information stolen might have an effect on clients, staff members, and suppliers.

Estée Lauder says that its focus is on remediation, including efforts to restore impacted systems and services, and that the incident has caused, and is expected to continue to cause, disruptions to parts of the company’s business operations.
