Estée Lauder - internal data stolen after being hit by two separate ransomware attacks

If you thought hackers might be causing your company a few headaches, pity the folks at Estée Lauder.

Two different ransomware groups have listed the cosmetics maker on their leak sites on the dark web, as a result of seemingly separate attacks.

Beauty firm Estée Lauder has revealed earlier this week that it has suffered a "cybersecurity incident" that saw malicious hackers gain unauthorised access to its systems and the theft of data.

As Bleeping Computer reports, the ransomware group known as BlackCat posted a message on its leak site voicing its dissatisfaction that Estée Lauder Companies Inc has not responded to the extortion emails it has been sent:

“We first wrote to the ELC leadership on 15 July 2023 to their corporate and personal emails. At 9:43 MSK (UTC +3)."

“We sent further emails from the same address, but received no reply”

The notorious BlackCat gang went on to say that it had not bothered to encrypt any of Estée Lauder's data, seemingly preferring to concentrate on exfiltrating a claimed 130GB of information which - if released - could potentially impact workers, suppliers, and customers.

Estée Lauder's silence suggests that it may have decided to adopt a firm policy of not negotiating with its blackmailers.

BlackCat, meanwhile, says that Estée Lauder has also fallen victim to the Cl0p ransomware gang - which exploited vulnerabilities in the Progress MOVEit Transfer application to steal data.

Cl0p's data leak site claims that 131GB of data was stolen from Estée Lauder via exploitation of the security hole, and that the company "doesn't care about its customers, it ignored their security!!!"

In its press release, Estée Lauder says that it has brought in third-party cybersecurity experts to investigate the cybersecurity breach, and is working to understand the nature and scope of the data accessed.