Lush Employee Data Stolen
The Akira ransomware group claims that it has stolen customer data from the Lush cosmetic retailer. Specifically, Akira claims to have stolen 110 GB of data from the global cosmetics giant, which has more than 900 stores worldwide, allegedly including "a lot of personal documents" such as passport scans.
Passport scans are routinely collected to verify identities during the course of the hiring process, which suggests Akira's affiliate likely had access to a system containing employee data.
Lush confirmed it was investigating a live cyber security incident in January 2024, saying it was undertaking a comprehensive investigation with external assistance, and had already taken steps to screen and secure its systems. “Lush UK&I is currently responding to a cyber security incident and working with external IT forensic specialists to undertake a comprehensive investigation.
“The investigation is at an early stage but we have taken immediate steps to secure and screen all systems in order to contain the incident and limit the impact on our operations. We take cyber security exceptionally seriously and have informed relevant authorities," according to Lush.
The Lush website has remained accessible throughout, as did its bricks and mortar stores, suggesting the impact of the cyber attack has been limited, or that the organisation has deployed effective mitigation measures.
Company documents relating to accounting, finances, tax, projects, and clients are also said to be included in the archives grabbed by the cyber criminals, who are threatening to make the data public soon. There is still no evidence to suggest customer data was exposed.
In these circumstances it seems likely that there may have been an inconclusive negotiation between the criminal gang and their victim, with Akira using the threat of data publication as a means to speed up the ransom deal.
Lush: Sophos: Vumetric: Computer Weekly: The Register: Ground: Cyber Report:
Image: Alexander Grey
You Might Also Read:
Why Is Retail Cyber Security So Weak?:
___________________________________________________________________________________________
If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible