Tarte Cosmetics has suffered a security breach affecting approximately 2 million customers, according to a report published by Revelist.

Problems first arose in September when the company’s automated email service suffered a ‘glitch’, affecting 1,400 orders. At the time, Tarte claimed that the incident was not caused by a security breach.

However, during a routine security audit, software firm Kromtech discovered that Tarte’s database was public, meaning personal information for some 2 million customers – or those who had made online purchases between 2008 and 2017 – was viewable, and therefore open to misuse.

“What immediately drew our attention was the fact that it was unprotected, available for anyone to view and even edit,” Bob Diachenko, Chief Security Communications Officer at Kromtech told Revelist.

“At Tarte, keeping customer information fully secure is our No.1 priority,” James Novara, Tarte Cosmetics’ President of E-commerce told Gizmodo. “We are aware of this potential issue, which we are actively investigating. At the same time, we are taking every measure available to ensure the highest level of protection for all corporate data, and we will keep our customers and partners informed as necessary.”