British cosmetics giant Lush has admitted falling victim to a cyberattack that could compromise its vast network of stores in North America and production facilities in Europe, Japan, and Australia.
Based on reports, the privately-owned company confirmed the cyber security incident, prompting concerns about the potential impact on its extensive operations spanning 49 countries.
However, the exact nature of the cyberattack remains a mystery, leaving every related party anxious and waiting for more details. The timing of this confirmation is particularly worrying, given the surge in ransomware incidents that plagued organisations in the United Kingdom during the first half of last year.
As of now, Lush has employed a third-party forensic service provider to investigate the breach, but the company has not disclosed the identities of these specialists, leaving questions about their expertise and credentials.
The National Cyber Security Centre (NCSC) in the United Kingdom has set up a Cyber Incident Response scheme to certify several firms to assist victim organisations in the aftermath of a cyberattack. Lush’s collaboration with these experts shows the severity of the incident.
Lush assured every concerned individual that they would resolve the issue immediately.
The company has already established a dedicated team to address the situation promptly. Moreover, a company representative stated that the investigation is at an early stage, but that the company has taken immediate steps to secure and screen all systems to contain the incident and limit the impact on its operations.
In compliance with data protection regulations, Lush has informed the Information Commissioner’s Office (ICO), the UK’s data protection regulator, about the cybersecurity breach. Organisations failing to report such incidents face potential fines of up to 4% of their global turnover.
The company noted that they are treating cybersecurity with utmost seriousness, implying their intent to cooperate with law enforcement agencies to thwart the impact of the cyberattack.
Unfortunately, a joint blog post from the NCSC and ICO last year expressed growing concerns about organisations concealing ransomware incidents from law enforcement and regulatory bodies.
This report raises questions about the broader landscape of cybersecurity as businesses struggle with the delicate balance between transparency and the potential regulatory consequences of cyber threats. The confirmation of the Lush cyberattack is the latest addition to a run of cybercriminal incidents that reflect the evolving cybersecurity challenges organisations worldwide face.
