Lakeland hack results in breach of two encrypted databases

News
By Caroline Donnelly
published

Kitchenware retailer confirms breach, but stops short of revealing what kind of data hackers accessed.

Hackers

Kitchen cookware retailer Lakeland has fallen victim to a "sophisticated and sustained" attack by hackers, resulting in two encrypted databases being accessed.

The security breach was discovered late on Friday 19 July, the company confirmed in a statement on its website yesterday.

At the time of writing, the firm said there is no evidence to suggest the hackers stole any data.

We only wish those responsible used their talent for good rather than criminal ends.

"However, we have decided that it is safest to delete all the customer passwords used on our site and invite customers to reset their passwords," read the statement, signed by the company managing director Sam Rayner.

"Next time you log-in to your Lakeland account you will be asked to reset your password and provide a new one [but] it is not necessary to do this straight away."

The company reportedly has 64 stores across the UK, and also offers customers the option to buy its products through mail order or online shopping operations.

The hack is only thought to have affected its web-based business at this time.

The statement then goes on to advise customers that use their Lakeland password for other online accounts to change their login credentials as soon as possible.

"We do not know for certain the hackers succeeded in stealing data, however since there is a theoretical risk and because it is our policy to be open and honest with our customers, we are being proactive in alerting you," it added.

Lakeland said the cyber attack was made possible by a recently identified flaw in the server system used to run its website, which is overseen by an unnamed third-party IT company.

"This occurred despite the best efforts of ourselves and the industry leading IT company that runs our website for us," the statement continued.

"This flaw was used to gain unauthorised access to the Lakeland web system and data...[and] hacking the Lakeland site has taken a concerted effort and considerable skill.

"We only wish those responsible used their talent for good rather than criminal ends," it concluded.

Dodi Glenn, director of security content management at infosecurity firm ThreatTrack Security, said Lakeland customers have a right to know exactly what data has been compromised.

"Lakeland should work with the authorities to identify what information was leaked. Customers should have the right to know if their credit card numbers were stolen," said Glenn.

"Lakeland and others should take note that being proactive instead of reactive is the best approach, because brand reputation is priceless."

Caroline Donnelly
Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.