Cyber Incident Victim: Avon

Avon experienced a cybersecurity incident first detected on June 8, 2020, prompting an official filing with the U.S. Securities and Exchange Commission (SEC) the following day. The company disclosed that the event interrupted critical IT systems and partially disrupted business operations across multiple international markets. Distributors in the United Kingdom, Argentina, Brazil, Poland, and Romania reported immediate difficulties accessing Avon's backend ordering platform, which is essential for processing product requests. This operational disruption persisted for at least one week, with systems remaining partially offline during initial recovery efforts. Avon's parent company, Brazilian multinational Natura &Co, maintained a policy of limited transparency, declining to provide substantive details about the incident's nature or scope to both affected distributors and media representatives despite repeated inquiries.

By June 12, Avon submitted a second SEC filing indicating progress in restoring "some affected systems in impacted markets" during the week of June 15. Publicly available restoration timelines showed the Poland and Romania backend systems resumed normal operations by June 16. Unverified reports from Polish cybersecurity firm Niebezpiecznik and an anonymous source suggested the incident involved a ransomware attack by the DopplePaymer group, though Avon never confirmed this attribution and independent verification remained lacking. The company's SEC disclosures emphasized an ongoing investigation into potential unauthorized access to user data while explicitly stating that financial data remained uncompromised due to its ecommerce platform's design, which excluded financial information storage. No further details regarding attack vectors, ransom demands, or data exfiltration were formally released by Avon during the documented recovery period.