Lush Cosmetics Faces Cyberattack as Akira Group Claims Responsibility

Major British cosmetics retailer Lush has fallen victim to a cyberattack, as the notorious Akira ransomware group claims responsibility for the breach. The attack, first reported on January 11, prompted Lush to cooperate with external IT forensic specialists in order to investigate the incident. Lush reassured the public that it is taking the matter seriously and is working diligently to secure and screen all systems to minimize the impact on its operations. Authorities have also been informed of the breach.

nn

The Akira group recently posted a message on the RansomLock website indicating that they have prepared 110 GB of Lush’s files for uploading. The stolen data allegedly includes personal documents such as passport scans, financial records, tax information, project details, and client information. However, it is important to note that there is no evidence suggesting that customer data has been compromised at this time.

nn

Brian Boyd, the head of technical delivery at cybersecurity firm i-confidential, warns that there may be more consequences to come. As a global cosmetics company, Lush holds a significant amount of customer data, which could potentially be exploited by the perpetrators to extort the company or carry out targeted phishing scams. Boyd urges Lush to promptly inform affected individuals so they can take appropriate measures to safeguard their data.

nn

The Akira group has a history of targeting organizations in Europe, North America, and Australia, particularly focusing on sectors like government, manufacturing, technology, education, consulting, pharmaceuticals, and telecommunications. Last year, the group mainly targeted organizations using Cisco VPNs without multi-factor authentication (MFA).

nn

This year alone, Akira has been responsible for several attacks, including the hacking of the Toronto Zoo, where they leaked 133GB of data, including NDAs, confidential agreements, and personal files. They also claimed responsibility for the recent breach of Finnish IT services and enterprise cloud hosting provider Tietoevry, affecting cloud hosting customers such as Filmstaden, Rusta, and various educational institutions.

nn

Most recently, the Akira group has claimed attacks on Brazilian Business Park, ANI Networks, Ding Sheet Metal, and Valley Telecom Group. With a track record of breaching nearly 465,000 records in 2023, with an average ransom demand of $1 million, the group poses a significant threat to organizations around the world.

nn

Lush has responded to Akira’s claims, expressing awareness of the group’s statements regarding the stolen data. The company is working alongside its specialized partners to validate the extent of the breach and mitigate any further damage.

nn

Emma Woollacott, a renowned freelance journalist whose work appears in trusted publications like the BBC, Forbes, and Private Eye, emphasizes the importance of addressing the impact of the cyberattack on Lush’s customers and ensuring transparency regarding the compromised data.