Recently, some former and current employees from Shiseido accused Shiseido for breach their personal information. The victims’ personal information was used to open companies, withdraw bank deposits, obtain bank loans and carry out fraudulent operations. But the company’s HR and legal teams refused to provide any help.
Recently, Estée Laundry, a well-known account named as “counterfeit pioneer” in Instagram, exposed the breach of employee information at Shiseido’s UK branch. The company has been accused by some of its employees and former employees of failing to notify affected employees of the breach.
It was revealed that hundreds of former and current employees had their personal information leaked, including address, passport, ID and bank details. This not only had a serious impact on their lives, but even caused some of the (former) employees some property damage.
According to the testimonies provided by Estée Laundry, the victim’s personal information was used to open companies, withdraw bank deposits, obtain bank loans and carry out fraudulent operations.
A former employee of the Shiseido branch told Estée Laundry that a company had been opened in his name to carry out fraudulent activities. In March, he discovered that his information had been stolen and was “forced to pay a court fee to get his name removed from the company.
Another former employee said she “spent more than a month deleting and deactivating personal accounts” and trying to figure out how the person who stole the information managed to get access to the data and related personal information. Unfortunately, she learned from an old colleague that the company to which she had “dedicated six years of her life” was the one that had compromised her personal information.
They had to spontaneously contact former colleagues and employees and inform them of the fact of the breach because the company’s HR and legal teams refused to provide any help, including contacting former employees and alerting them.” An anonymous victim told Estée Laundry.
Several former employees of Estée Laundry have now stated below this post from the company that the information breach is true, and some employees who have worked for other regional branches of Shiseido have also expressed concern about the security of their personal information. Some commenters have even started calling for a boycott of Shiseido, the parent company of NARS and Drunk Elephant. However, neither Shiseido’s headquarters nor its U.K. subsidiary has issued any comments.
If these allegations are confirmed, this would be the second major information breach for Shiseido in six years. In November 2016, it was reported that an online mall operated by Shiseido’s company IPSA was hacked. The intrusion had led to the theft of information and data of nearly 420,000 users, involving their names, addresses, and financial information.
With the rapid development of technologies such as big data and cloud computing, the Internet has brought convenience to consumers, but also brought hidden dangers such as an illegal collection of personal information and leakage of user data.
In recent years, there are few companies/brands that have suffered a crisis of trust due to information breaches, such as Facebook, Alipay, Jingdong and CITIC Bank. In the cosmetics industry, there is also no shortage of companies/brands that have been caught in information leakage scandals.
In July 2020, Avon, a well-known direct-selling cosmetics brand owned by Natura & Co, was revealed to have leaked 19 million records, including personally identifiable information of customers and employees, including full names, phone numbers, birthdays, email and home addresses, and GPS coordinates, due to a cloud server configuration error.
In China, more and more cases of violations are being disclosed as the country strengthens its regulation of personal information security. 2017 saw the media expose the breach of nearly 10 million pieces of user information by a former employee of Lily&Beauty. It is understood that the former employee of Lily&Beauty used the original master administrator account to steal the company’s customers’ personal information and resell it, making illegal profits of nearly $15,700. In this incident, the data leaked by him involved the Tmall flagship stores of many famous cosmetic brands, such as Inoherb, L’Oreal, Mac Factor, Maybelline, and Mamonde.
Recently, a number of APPs were named and notified by the relevant departments for collecting user information in violation of the law, which involved companies in the beauty community including Yunji, Xiaohongshu, NetEase Kaola and so on.
Previously, Guangdong police carried out the cleanup and rectification work of APPs collecting user information beyond the scope in the second quarter of 2019, and a total of 1,048 APPs were monitored and found to have collected user information beyond the scope. Combined with the notice issued by the Ministry of Industry and Information Technology of the People’s Republic of China for the first quarter of telecommunications services, the APPs of the main companies operating the e-commerce platforms, including Xiaohongshu, Netease Kaola and Yunji, all have problems such as the over-scope reading of user contact data, failure to publicize the rules for collecting and using users’ personal information, and failure to inform the channels for inquiring about corrected information. From the current situation of consumers’ personal information being leaked, hacking and security loopholes in the APP system are the main reasons.