Yves Rocher has suffered a data leak which has exposed the personal data of 2.5 million Canadian customers to the public, according to a report published by Threat Post.
The leak is said to have stemmed from a third-party consultant, Aliznet, who is charged with leaving a database containing sensitive company information inadequately protected. Aliznet’s clients include Sephora and Christian Louboutin.
“The biggest impacts will be felt by Aliznet, its client Yves Rocher and the retail company’s end customers,” wrote the vpnMentor Researchers who discovered the breach, per Threat Post. “The Aliznet leak has wider-reaching consequences than the impact on individual customers. The data breach impacts Aliznet’s clients who placed their trust in the company to protect their sensitive information. One concern is that Aliznet may have other unsecured databases and applications that haven’t been discovered yet. That means other clients of Aliznet may be at risk.”