
Lakeland suffers attack due to Java vulnerability


Kitchenware store Lakeland suffered a cyber attack on Friday evening, in which attackers were able to access two encrypted databases.

According to an email notification, hosted here by ThreatTrack Security, the company was not able to find any evidence that data was stolen, but as a precaution it has deleted all customer passwords used on its site and has invited customers to reset their passwords next time they visit the Lakeland site.

It said: “We deeply regret that this has occurred and apologise for the inconvenience caused. The security of our customers' data is hugely important to us and we are devastated to have fallen victim to these criminals. This has occurred despite the best efforts of ourselves and the industry-leading IT company that runs our website for us to use the best security systems available.

“We are committed to protecting our customers' data and will continue to seek additional measures to ensure the integrity of our systems.”

It went on to confirm that the attack was achieved via a Java flaw in the website, and said it suspected that achieving this “has taken a concerted effort and considerable skill”. It said: “We only wish that those responsible used their talent for good rather than criminal ends.”

Dodi Glenn, director of security content management at ThreatTrack Security, said: “It is common practice to purge passwords in the event someone suspects a compromise of their database. While customers may be alarmed as is natural in these circumstances, Lakeland should work with the authorities to identify what information was leaked.

“Customers should have the right to know if their credit card numbers were stolen. Lakeland and others should take note that being proactive instead of reactive is the best approach, because brand reputation is priceless.”

Greg Day, VP and CTO EMEA at FireEye, said: “The Lakeland attack highlights some key issues that all companies need to be aware of: typically there is still the perception that advanced persistent threats (APTs) are aimed at government and global companies, this attack validates that all industries and market sizes are being targeted.

“With the depth and complexity of today's IT, organisations struggle to keep pace from a security perspective. Companies need to start looking at the problem from another angle: all too often we over-focus on preventing attacks, but companies are starting to recognise that breaches will occur, which means we need to: understand the what, where and how and gather up the forensic data to identify the indicators of compromise that help us understand; gain insight into the who and why by looking at data such as the communications and call back points we can often glean some insight into the motive of the attacker; and accept that a compromise can happen, and start to look at what is an unacceptable loss.”
