
Lakeland suffers attack due to Java vulnerability


Kitchenware store Lakeland suffered a cyber attack on Friday evening, in which attackers were able to access two encrypted databases.

According to an email notification, hosted by ThreatTrack Security, the company was not able to find any evidence that data was stolen, but as a precaution it has deleted all customer passwords used on its site and has invited customers to reset their passwords the next time they visit the Lakeland site.

It said: “We deeply regret that this has occurred and apologise for the inconvenience caused. The security of our customers' data is hugely important to us and we are devastated to have fallen victim to these criminals. This has occurred despite the best efforts of ourselves and the industry-leading IT company that runs our website for us to use the best security systems available.

“We are committed to protecting our customers' data and will continue to seek additional measures to ensure the integrity of our systems.”

It went on to confirm that the attack was achieved via a Java flaw in the website, and it suspected that achieving this “has taken a concerted effort and considerable skill”. It said: “We only wish that those responsible used their talent for good rather than criminal ends.”

Dodi Glenn, director of security content management at ThreatTrack Security, said: “It is common practice to purge passwords in the event someone suspects a compromise of their database. While customers may be alarmed as is natural in these circumstances, Lakeland should work with the authorities to identify what information was leaked.

“Customers should have the right to know if their credit card numbers were stolen. Lakeland and others should take note that being proactive instead of reactive is the best approach, because brand reputation is priceless.”

Greg Day, VP and CTO EMEA at FireEye, said: “The Lakeland attack highlights some key issues that all companies need to be aware of: typically there is still the perception that advanced persistent threats (APTs) are aimed at government and global companies, this attack validates that all industries and market sizes are being targeted.

“With the depth and complexity of today's IT, organisations struggle to keep pace from a security perspective. Companies need to start looking at the problem from another angle: all too often we over focus on preventing attacks, but companies are starting to recognise that breaches will occur, which means we need to: understand the what, where and how and gather up the forensic data to identify the indicators of compromise that help us understand; gain insight into the who and why by looking at data such as the communications and call back points we can often glean some insight into the motive of the attacker; and accept that a compromise can happen, and start to look at what is an unacceptable loss.”
