Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Akira claims attack on Lush cosmetics

The attack on major British cosmetics retailer Lush that was made public earlier this month has been claimed by the infamous Akira ransomware group.

user icon Daniel Croft
Mon, 29 Jan 2024
Akira claims attack on Lush cosmetics
expand image

According to threat feeds seen by Cyber Daily, Akira claimed to have stolen 110 gigabytes of data from the cosmetics retailer in a post on its dark web leak site on 26 January.

“Founded in 1995 and headquartered in Poole, United Kingdom, Lush is a cosmetic store specializing in the retail of bath bombs, hair products, makeup and more,” wrote Akira on its dark web leak site.

“110 Gb of their files are prepared for uploading. There are a lot of personal documents especially passports. Accounting, finance, tax, projects, clients information and much more could be found in the archives we are going to share.”

============
============

The claims made by the ransomware group are yet to be verified by Lush or other cyber experts.

Speaking with Computer Weekly, a spokesperson for Lush has said that it is currently trying to understand what data was affected.

“We took immediate steps to respond to the matter and, following a short period of limited disruption, we are now operating largely as normal. We also launched a comprehensive investigation with external security specialists to understand what data may have been affected, which remains ongoing,” wrote the spokesperson.

“We have informed the relevant authorities about this incident, including the ICO and police. We know the group responsible for this incident have made claims regarding data they have taken relating to Lush. Alongside our specialist partners, we are working hard to validate these claims.”

Lush first announced the cyber incident on 11 January, announcing it was in the early stages of an investigation.

“Lush UK&I is currently responding to a cyber security incident and working with external IT forensic specialists to undertake a comprehensive investigation,” the company wrote in a statement on its website.

“The investigation is at an early stage, but we have taken immediate steps to secure and screen all systems in order to contain the incident and limit the impact on our operations. We take cyber security exceptionally seriously and have informed relevant authorities.”

At no point was the operations of Lush’s website or physical stores impacted, meaning the attack either only targeted the theft of data and did not encrypt necessary data for operations or that Lush was able to deploy measures and mitigate damage.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.