We have identified an unauthorised download of part of our members’ data. As soon as we were alerted to this incident, we acted promptly to resolve it. We can confirm that no passwords or payment information were accessed.
Has the issue been resolved?
Yes. Immediately upon discovery, we took measures and stopped the unauthorised download. The situation is now contained.
What information was involved / what data was compromised?
The personal data involved (to the extent you have shared it with us) may include full name, email address, phone number, date of birth, gender, and home address. No passwords or payment information were involved.
I previously received phishing emails in the name of Rituals (e.g., the birthday gift scam). Is this related?
We understand why this may raise concerns. The birthday gift scam messages did not come from Rituals. Based on our investigation, there is no link between this incident and the earlier birthday gift scam messages.
Were there passwords or payment information involved?
No passwords or payment information were involved.
When did the unauthorised access take place?
The unauthorised download took place in April 2026.
What measures has Rituals taken?
We have initiated an in-depth forensic investigation to understand how this happened and what measures we can take to prevent a similar incident in the future. We have also reported it to the relevant authorities.
Have you already informed your members?
After we discovered the incident and stopped the unauthorised download, we investigated what had happened and what data was taken. Once we had that information, we informed all our affected members by email.
Is the data currently available or published anywhere?
To the best of our knowledge, we have not seen the extracted data become publicly available. We will continue to monitor this closely.
What can I do?
We have contained the situation, and there is no action required from you. No passwords or payment information were involved. To the best of our knowledge, we have not seen the extracted data become publicly available. We do advise you to stay alert for phishing messages.
What can be done with my data?
We take the protection of your personal data seriously. Our IT teams work with external cyber security experts to ensure we meet industry-standard practices and to identify how we can continue to improve security.
Can you give an example of phishing?
You receive an email or text message that appears to come from a trusted organisation. The message uses your name and may include, for example, your date of birth. This is a commonly used phishing tactic to build trust and encourage you to click on a malicious link. If you click the link, you may be redirected to a fake page where you are asked to enter your (online banking) password.
Phishing can also occur via a phone call, in which someone pretends to represent a legitimate organisation.
What should I do if I suspect phishing?
If a message doesn’t feel right, don’t click any links and don’t share personal or payment details. Close the message or end the call. Then contact the organisation directly using the official contact details from their website. If the message claims to be from Rituals, you can always reach us at service@rituals.com.
How can I delete my account / end my My Rituals membership?
You can submit your request via our Contact Form and select “Right to delete my personal data” via this link.
Need some help?
We are available for all your questions Monday to Friday, between 9:00 AM and 3:00 PM (EST).