Cosmetics retailer Lush dealing with mystery cyber incident – ComputerWeekly.com

Dorset-based cosmetics retailer Lush has fallen victim to a cyber security incident of a currently undisclosed nature, via a brief notice posted to its website on 11 January.
“Lush UK&I is currently responding to a cyber security incident and working with external IT forensic specialists to undertake a comprehensive investigation,” the organisation confirmed. “The investigation is at an early stage, but we have taken immediate steps to secure and screen all systems in order to contain the incident and limit the impact on our operations. We take cyber security exceptionally seriously and have informed relevant authorities.”
Because the precise nature of the incident remains undisclosed, Lush will face inevitable speculation that it has been affected by ransomware, but this is entirely unconfirmed.
At the time of writing, Lush’s retail website remains accessible over a public internet connection, which strongly suggests that many of its internal IT systems are unaffected.
Ransomware attacks frequently result in multiple systems being pulled offline – often by panicked IT admins – leading to website outages for customers, which is not currently the case.
Brian Boyd, head of technical delivery at i-confidential, said: “Details [of] this breach are still emerging, so it’s not clear what type of attack Lush is experiencing, but it sounds like the company is investigating the incident and working to contain its spread.
“Lush is a massive cosmetics company that operates globally, so the perpetrators have potentially gained access to a treasure trove of customer data, which they could use to extort the company or to execute targeted phishing scams,” he said. “Lush must inform impacted parties as a priority so they can take steps to protect their data. Customers must understand if and how their data has been impacted, because any compromised information could be used against them.”
A family-run company throughout its history, Lush started life as a supplier of products to the Body Shop, but in the mid-1990s moved away from that relationship and pioneered a new and highly successful approach to retailing cosmetics. It sets out its stores with attractive and colourful displays reminiscent of a greengrocer's, and places an emphasis on in-house, ethical production methods and environmental sustainability.
This approach has also been applied to its IT estate, with the organisation demonstrating a strong preference for doing things in-house, and heavily favouring open source services and ethical suppliers – its datacentre provider, for example, is powered by renewable energy.
In 2021, the organisation spoke to Computer Weekly about how it gave its authentication systems a thorough makeover after becoming alert to the need to enhance how it protected customer data, given its increasing levels of integration into third-party services that relied on multiple different standards.
This project ultimately saw it pair up with authentication specialist Auth0, which went on to be acquired by Okta in 2022.
At the time of writing, there is no suggestion that the current incident is in any way linked to the subsequent compromises of Okta’s infrastructure, which embroiled several other identity and access management specialists. No such link should be inferred.