the logo of the brand "Rituals". Rituals is a company for Cosmetics.

Rituals data breach: what it means for UK customers

Rituals, the Netherlands-based cosmetics brand, has confirmed a data breach affecting customers across Europe, the UK and beyond.

The company says hackers accessed and downloaded data from its membership database, exposing personal information linked to customer accounts.  

What we know so far

Rituals identified what it described as an “unauthorised download” of customer data in April 2026. According to the company, the information taken may include: 

  • Full name 
  • Date of birth 
  • Gender 
  • Postal address 
  • Email address 
  • Phone number 
  • Preferred store location 
  • Account type. 

This isn’t financial data, but it is still highly sensitive. Combined, these details can be valuable to scammers and fraudsters.

The breach affects customers in Europe and the United Kingdom, and some customers in the United States have also been notified.

Rituals has not confirmed how many customers were impacted. However, the company’s membership database reportedly includes more than 41 million users globally. That gives a sense of the potential scale, even if only a portion of those accounts were accessed. 

Rituals has not explained how the attackers gained access or how long they may have been inside its system. The company says its investigation is ongoing.

That level of uncertainty is fairly typical in the early stages of a breach, but it also raises questions about how quickly the issue was identified and contained. 

What Rituals customers should do now

Even without payment details, this type of personal data can still be misused. For example, it can be used to make phishing emails appear more convincing. When multiple pieces of personal information are combined, the risk increases. 

If you have a Rituals account, there are some simple steps worth taking:

  • Be cautious of unexpected emails or messages, even if they appear legitimate 
  • Avoid clicking links or downloading attachments from unknown sources 
  • Use strong, unique passwords for your accounts 
  • Consider enabling two-factor authentication where available 
  • Monitor your accounts for any unusual activity. 

Even if you haven’t been contacted directly to confirm that your data was involved in this breach it’s sensible to stay alert.

In some cases, data breaches like this can lead to legal claims, particularly if there is evidence that security measures were not strong enough. If you’ve been contacted by Rituals, keep hold of any emails or notifications.

These can be useful if more information comes to light later. 

Join the Claim connects consumers with SRA-regulated lawyers. Keep an eye out for updates on any potential claim and possible eligibility checks/registration opportunities.

This information is for general guidance only and does not constitute legal or financial advice.

You may also like:

  • Environment, News, Vehicle

Can BMW drivers claim compensation for the diesel emissions scandal?

BMW faces legal action over emissions-cheating software. Learn what the scandal involves, who is affected, and what it means for UK diesel car owners.
  • Data Breach, Financial, News

Capita data breach: Legal response & ongoing investigations

Capita’s data breach exposed pension holders’ personal data. Stay updated on the latest legal action, investigations, and regulatory responses.
  • News, Vehicle

Jaguar Land Rover DPF claims vs. dieselgate: What you need to know

Confused about Jaguar Land Rover DPF claims vs. Dieselgate? Learn the key differences, legal actions, and how to check if you qualify for compensation.

Latest news & insights

Close-up of a person using a smartphone with the ChatGPT app open.
Are ChatGPT conversations appearing in Google search results? Here’s what we know.
Reports claim ChatGPT conversations are appearing in Google search results. We examine what's really happening.
Woman holding iPhone with logo of application Booking.com on the screen, using mobile application
Booking.com faces proposed £2 billion consumer claim over hotel prices
A proposed £2 billion claim alleges Booking.com's pricing practices inflated hotel costs for millions of UK travellers. Here's what we know so far.
Warning to supermarket store workers: If you want equal pay compensation, you’ll need to claim it!
Many UK supermarket workers are confused about equal pay claims. Learn why backpay isn’t automatic and what opt-in group actions really mean.
Close-up of the NHS - National Health Service logo on the exterior of St. Thomas Hospital in London, UK
What is the NHS Single Patient Record, and why is it being debated?
Plans for a NHS Single Patient Record moved a step closer last week. But there are important questions about privacy & data security.
Teenagers with smartphones on social media near white wall indoors
Social media is facing growing scrutiny. Here’s why.
Explore the growing debate around social media safety, online harms, platform accountability, child safety, addictive features and digital rights.
An expert hacker is decrypting data while hiding their face
Hackers are changing tactics – and it could mean more data breaches
Hackers are increasingly exploiting software vulnerabilities rather than stealing passwords. Here's what that could mean for UK consumers.
Managing the validity of digital document checklists
New data complaint rules are coming in June 2026
New data protection complaint rules take effect on 19 June 2026. Find out what organisations must do and what the changes mean for consumers.
Hand holding a digital ID card with user profile symbol.
Digital ID plans move into next phase — but key questions remain
The government's digital ID plans have entered a new phase with the launch of a 120-member People's Panel. 
Text STUDENT LOAN visible through magnifier, money and stack of books on light table against blackboard
Why plain English matters in financial agreements
A new parliamentary inquiry found thousands of graduates did not properly understand their student loan terms. Here’s why plain English matters in financial products and legal agreements.
Woman is shocked from the rising energy costs and the bill she received for heat and electricity for her household.
UK energy bills to rise again as Iran conflict hits gas prices
UK household energy bills are set to rise by 13% from July 2026 after global gas prices surged during the Iran conflict. Here’s what it could mean for households.
Black British passport on UK Union Jack flag close up
UK visa portal data leak exposes passports and personal documents 
Thousands of passport scans and personal documents were reportedly exposed online after a third-party UK Visa Portal website left files publicly accessible.
boy scrolling through social media on his mobile phone
Is social media the next “big tobacco”?
The UK government is considering tougher social media restrictions for children. Could this lead to large-scale legal claims against tech platforms?
What we’ve been working on at Join the Claim in May
A round-up of what we’ve been working on in May at Join the Claim, including claims to watch, legal developments and practical consumer guides.
A business person using laptop with visual screen Scam Alert warning sign for scams with icons
Scam alert update: May 2026
Stay alert this May with the latest scam warnings from Join the Claim
Office, serious and business woman on laptop for class actions
Could opt-out class actions expand in the UK? What consumers need to know
The UK is reviewing whether opt-out class actions could expand beyond competition law. Here’s what the proposed reforms could mean.
View all news

Did you know we have a newsletter?

Sign up for our newsletter to stay up to date.

We connect consumers with their legal dream teams to ensure they get the compensation and support they deserve.

claims
About
Legal
Connect

Join the Claim is not a law firm. We connect individuals with top law firms for group action claims, and our service is free to use. While we may receive a fee from the law firms we introduce you to, this will not affect your costs or compensation. We are not responsible for the advice or services provided by these firms. Please note, nothing on this website is legal advice, and while we check claim eligibility, we cannot guarantee a law firm will accept a case.

Join the Claim is a trading name of Join the Claim Limited, authorised and regulated by the Financial Conduct Authority (FRN: 1053404). Registered in England and Wales, Company No: 16245278. Registered office: 32 Eyre Street, Sheffield, S1 4QZ.

© Join the Claim All Rights Reserved |

2026
Go to claims