Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
The Estée Lauder Companies Inc.

The Estée Lauder Companies Inc. Vendor Cyber Rating & Cyber Score

elcompanies.com

The Estée Lauder Companies Inc. is one of the world’s leading manufacturers, marketers, and sellers of quality skin care, makeup, fragrance, and hair care products, and is a steward of outstanding luxury and prestige brands globally. The company’s products are sold in approximately 150 countries and territories under brand names including: Estée Lauder, Aramis, Clinique, Lab Series, Origins, M·A·C, La Mer, Bobbi Brown Cosmetics, Aveda, Jo Malone London, Bumble and bumble, Darphin Paris, TOM FORD, Smashbox, AERIN Beauty, Le Labo, Editions de Parfums Frédéric Malle, GLAMGLOW, KILIAN PARIS, Too Faced, Dr.Jart+, the DECIEM family of brands, including The Ordinary and NIOD, and BALMAIN Beauty. To explore our current job openings, go to


ELCI A.I CyberSecurity Scoring

ELCI
Company Information
Website:http://www.elcompanies.com
Employees number:52,420
Number of followers:1,888,132
NAICS:32562
Industry Type:Personal Care Product Manufacturing
Homepage:elcompanies.com
ELCI Risk Score (AI oriented)
Between 600 and 649
logo
ELCIPersonal Care Product Manufacturing
Updated:
13/07/2026
618/1000
Poor
Caa
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
ELCI Global Score (TPRM)
xxxx
logo
ELCIPersonal Care Product Manufacturing
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

ELCI
ELCIPoor
Current Score
618Caa (POOR)
01000
5 incidents
-32 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
667Before Incident
Breach
10 Jul 2026ELCI
Estée Lauder Companies Inc.: Estée Lauder Data Breach Exposes Health Information and SSNs

Estée Lauder Major Data Breach Affecting Sensitive Customer Information

618After Incident
CRITICAL-49
THE1783960835
Estée Lauder Discloses Major Data Breach Affecting Sensitive Customer Information Estée Lauder Companies Inc., a global leader in prestige beauty, has reported a data breach that exposed highly sensitive personal information. While the exact number of affected individuals in the U.S. remains undisclosed, the compromised data includes Social Security numbers, financial account details, credit and debit card information, government ID numbers, and health records. Key details of the incident such as the attack method, timeline, and how the breach was detected have not been made public. The company filed a breach notification with the Vermont Attorney General on July 10, 2026. Estée Lauder has indicated that impacted individuals will receive direct notifications in the coming weeks, outlining the nature of the breach, the specific data exposed, and any available resources. The company has also advised recipients to verify the legitimacy of any communications by contacting Estée Lauder directly through its official website rather than relying on unverified sources.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Data Compromised: Social Security numbers, financial account details, credit and debit card information, government ID numbers, health recordsIdentity Theft Risk: HighPayment Information Risk: High
DATA BREACH
Type Of Data Compromised: Personal and financial information, health recordsSensitivity Of Data: HighPersonally Identifiable Information: Social Security numbers, government ID numbers, financial account details, credit/debit card information, health records
JUNE 2026
667Before Incident
MAY 2026
664Before Incident
APRIL 2026
663Before Incident
MARCH 2026
674Before Incident
Cyber Attack
17 Mar 2026ELCI
Estée Lauder, Broadcom, Abbott Technologies, Oracle and Bechtel: Silence from the Corporate Giants: Four Companies Yet to Comment on Oracle EBS Hack

Oracle E-Business Suite Hack Leaves Four Major Companies Silent on Impact

659After Incident
CRITICAL-15
BROBECTHEORAABB1773750615
Oracle E-Business Suite Hack Leaves Four Major Companies Silent on Impact A recent cyberattack targeting Oracle E-Business Suite (EBS) has disrupted organizations reliant on the platform for critical business operations, including finance, supply chain, HR, and procurement. While many companies have responded with public disclosures and mitigation efforts, Broadcom, Bechtel, Estée Lauder, and Abbott Technologies have yet to issue any statements, raising concerns about transparency and crisis management. The breach exposes vulnerabilities in a widely used enterprise software suite, threatening the integrity of sensitive corporate and customer data. Security researchers and incident response teams are assessing the full scope of the compromise, with affected organizations working to determine exposure and prevent follow-on attacks. In contrast to the silent four, other companies have taken proactive steps, including acknowledging the breach, implementing security measures, collaborating with cybersecurity firms, and notifying stakeholders. This approach is considered best practice in handling enterprise-wide software vulnerabilities. The continued silence from Broadcom, Bechtel, Estée Lauder, and Abbott Technologies leaves stakeholders uninformed about potential risks, data protection efforts, and the companies’ cybersecurity commitments. The lack of disclosure may also invite regulatory scrutiny, particularly for publicly traded firms, while risking long-term reputational damage. As cybersecurity incidents grow in frequency and severity, transparent communication is increasingly seen as a corporate obligation both for stakeholder trust and legal compliance. The absence of updates from these four companies underscores a critical gap in modern incident response policies.
INCIDENT DETAILS -
TYPE
Cyberattack
IMPACT
Data Compromised: Sensitive corporate and customer dataSystems Affected: Finance, supply chain, HR, and procurement systemsOperational Impact: Disruption of critical business operationsBrand Reputation Impact: Potential long-term reputational damage
DATA BREACH
Type Of Data Compromised: Sensitive corporate and customer dataSensitivity Of Data: High
FEBRUARY 2026
673Before Incident
JANUARY 2026
670Before Incident
DECEMBER 2025
751Before Incident
NOVEMBER 2025
750Before Incident
OCTOBER 2025
748Before Incident
SEPTEMBER 2025
747Before Incident
AUGUST 2025
746Before Incident
JUNE 2025
736Before Incident
Ransomware
16 Jun 2025ELCI
Broadcom

Cl0p Exploits Zero-Day Vulnerabilities in Oracle E-Business Suite Leading to Massive Data Breaches

649After Incident
CRITICAL-87
BRO3105131112625
Broadcom, a global technology leader valued at hundreds of billions, was among the high-profile victims of Cl0p’s ransomware attack exploiting a zero-day vulnerability in Oracle’s E-Business Suite (CVE-2025-61882 and CVE-2025-21884). The cybercriminal group exfiltrated sensitive corporate and customer data, threatening to leak or sell it unless a ransom was paid. The breach compromised critical systems, risking financial records, proprietary business data, and third-party customer information. Cl0p’s extortion tactics included warnings of public disclosure on their blog, torrent leaks, or sales to malicious actors, amplifying reputational and operational risks. Given Broadcom’s role in semiconductor and infrastructure technology, the attack posed supply chain cascading risks, potentially disrupting clients reliant on its products. Oracle issued emergency patches, but the damage—including data theft, potential regulatory fines, and erosion of stakeholder trust—had already occurred. The incident underscores vulnerabilities in enterprise software dependencies, with Broadcom facing long-term financial and strategic repercussions if the stolen data is weaponized.
INCIDENT DETAILS -
TYPE
RansomwareData BreachZero-Day Exploit
MOTIVATION
Financial Gain (Ransomware Extortion)
IMPACT
Oracle E-Business Suite (EBS) versions 12.2.3–12.2.14Operational Impact: Significant (data exfiltration, potential system compromise)Brand Reputation Impact: High (public disclosure of breaches, ransom demands)Identity Theft Risk: High (PII and sensitive corporate data exfiltrated)
DATA BREACH
Corporate DataCustomer DataSensitive Business InformationSensitivity Of Data: High
JULY 2023
764Before Incident
Breach
11 Jul 2023ELCI
The Estée Lauder Companies Inc.

Estée Lauder Companies Inc. Data Breach

705After Incident
CRITICAL-59
THE313080425
The Washington State Office of the Attorney General reported that The Estée Lauder Companies Inc. experienced a cyberattack on July 11, 2023, affecting approximately 150,535 Washington residents. The breach involved unauthorized access to personal information, including names, dates of birth, email addresses, and passwords, with the notification made on August 31, 2023.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
namesdates of birthemail addressespasswords
DATA BREACH
namesdates of birthemail addressespasswords
MAY 2023
807Before Incident
Breach
01 May 2023ELCI
The Estée Lauder Companies Inc.

Data Breach at The Estée Lauder Companies Inc.

762After Incident
MEDIUM-45
THE409072625
The Maine Office of the Attorney General reported a data breach involving The Estée Lauder Companies Inc. on October 19, 2023. The breach occurred between May 30 and June 1, 2023, due to an external system breach affecting files transferred through Progress Software's MOVEit Transfer, compromising the driver's license number and Social Security number of 3 individuals, including 1 resident of Maine.
INCIDENT DETAILS -
TYPE
Data Breach
IMPACT
Driver's License NumberSocial Security NumberProgress Software's MOVEit Transfer
DATA BREACH
Driver's License NumberSocial Security NumberSensitivity Of Data: High

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for ELCI ?
?
What was ELCI's A.I Rankiteo Cyber Score in June 2026 ?
?
What was ELCI's A.I Rankiteo Cyber Score in May 2026 ?
?
What was ELCI's A.I Rankiteo Cyber Score in April 2026 ?
?
What was ELCI's A.I Rankiteo Cyber Score in March 2026 ?
?
What was ELCI's A.I Rankiteo Cyber Score in February 2026 ?
?
What was ELCI's A.I Rankiteo Cyber Score in January 2026 ?
?
What was ELCI's A.I Rankiteo Cyber Score in December 2025 ?
?
What was ELCI's A.I Rankiteo Cyber Score in November 2025 ?
?
What was ELCI's A.I Rankiteo Cyber Score in October 2025 ?
?
What was ELCI's A.I Rankiteo Cyber Score in September 2025 ?
?
What was ELCI's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on ELCI's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with ELCI ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view ELCI's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?