22 October 2021

Dear Kiehl’s member,

We take data privacy issues seriously and are committed to protecting our customers’ personal data.

We have been notified by Fimmick, a digital marketing agency who handles our customer relationship management program, that their computer system has been attacked by ransomware in September 2021 which caused the leakage of some personal data.

As of 21 October, we were notified by Fimmick that Kiehl’s customer data is impacted by the incident. We are taking this issue very seriously and have already reported the case to The Office of the Privacy Commissioner for Personal Data (PCPD). We are working closely with Fimmick to understand the nature and cause of the incident and will keep our members informed as further relevant information is made available to us.

As a precautionary measure, we would like to remind our members to be vigilant and take the following measures to protect personal data:

• Change the password of your Kiehl’s loyalty program account;
• Beware of any unusual logins of any registered accounts and personal emails; and
• Stay vigilant if you receive any suspicious calls, text messages or emails or any calls, text messages or emails from unknown sources.

If you have any questions or enquiries, please call the Kiehl’s customer hotline at (852) 3180 1651.

Thank you for your support to Kiehl’s.