Estée Lauder, a US-based cosmetics group, confirmed a ransomware attack on its infrastructure, disrupting some of its business operations.

Two ransomware groups – BlackCat and Clop, have listed Estée Lauder as their victim, while the company confirmed only one. While BlackCat is frustrated on not receiving any response from the company despite repeated emails, the Clop gang claims it has 131GB of data stolen via the MOVEit Transfer attack.

Hit by Two Ransomware Gangs

Estée Lauder, a US-based group holding a range of cosmetic brands worldwide, is hit by a ransomware attack, the company revealed this week in an SEC filing. It said a threat actor (without mentioning any name) had accessed its systems and may have stolen data.

Though the company didn’t provide many other details, it claims to have acted proactively and taken down some systems to stop the spreading of ransomware infection. It also confirmed that the attack had disrupted some of their business operations and has been focusing on remediation efforts.

In a separate incident, the Clop ransomware gang claimed to hit Estée Lauder through the MOVEit Transfer attack, which compromised hundreds of other companies. Claiming over 131GB of stolen data from Estée Lauder, the Clop gang said, “The company doesn’t care about its customers; it ignored their security!!!

Aside from this, the BlackCat ransomware group has also listed Estée Lauder in its data leak site – with a message expressing their dissatisfaction towards the company’s silence to their extortion attempts.

“We first wrote to the ELC leadership on 15 July 2023 to their corporate and personal emails. At 9:43 MSK (UTC +3).”

BlackCat says it didn’t encrypt any of Estée Lauder’s systems but has data that can impact customers, company employees, and suppliers. The group also pushes Estée Lauder to negotiate to know more details about the stolen data.