Lush, the Brits’ fave beauty brand, hit by cyber assault

January 13, 2024
1 min read

TLDR: British Cosmetics Firm Lush Confirms Cyberattack

Lush, the British cosmetics retailer with stores in North America, has confirmed that it is currently responding to a cyber security incident. The company, which operates globally, is working with IT forensic specialists to investigate the incident. The National Cyber Security Center (NCSC) has certified a number of firms for victim organizations to contact in the event of a hack. Lush has taken immediate steps to secure and screen all systems to contain the incident and minimize the impact on its operations. The company has informed relevant authorities and takes cyber security seriously.

In 2023, there was a record number of ransomware incidents in the UK, with 667 organizations compromised in the first half of the year. Lush has not disclosed the nature of the attack, but ransomware is suspected as it was a prevalent threat during this period. The company’s production facilities in Europe, Japan, and Australia have not been confirmed as affected.

Under UK law, businesses that suffer a data breach have a duty to inform the Information Commissioner’s Office (ICO), and failure to do so can result in fines of up to 4% of global turnover. Lush has confirmed that it has informed the relevant authorities, indicating compliance with this requirement. However, there are concerns that some ransomware victims are keeping incidents hidden from law enforcement and regulators.

In response to the incident, Lush is working with external IT forensic specialists to undertake a comprehensive investigation. The identity of these specialists has not been disclosed. The company is taking the necessary steps to secure and screen all systems to contain the incident and minimize the impact on its operations. This incident reflects the increasing prevalence of cyberattacks targeting businesses around the world.

Latest from Blog

Top 3 Cybersecurity Stocks for May 2024 Buy Now

TLDR: Key Points: Cybersecurity stocks are using AI to enhance their platforms Top cybersecurity stocks to buy now include Crowdstrike, Fortinet, and Palo Alto Networks Article Summary: The cybersecurity market is booming

Get Secure: Know the Basics of Cloud Security Fundamentals Now

TLDR: Cloud security fundamentals are essential for data protection, regulatory compliance, and access management in a cloud environment. Key fundamentals include identifying assets, implementing security controls, conducting risk assessments, managing user access