Retailer Lakeland has emailed customers to inform them the website was hit by a “sophisticated and sustained attack” that led to two databases being breached, after cyber criminals used a Java flaw to target its systems.
An email from Lakeland’s managing director, Sam Rayner, informed customers that the attack occurred on 19 July and was undertaken by attackers with “concerted effort and considerable skill".
He wrote: “Immediate action was taken to block the attack, repair the system and to investigate the damage done, and this investigation continues. It has become clear that two encrypted databases were accessed, though we've not been able to find any evidence that the data has been stolen.”
However, in order to be secure, the firm has deleted all existing passwords and will prompt users to resubmit a new password the next time they access the website.
“We also advise, as a precaution, that if you use the same password on any other account/s, you should change the passwords on these accounts as soon as possible,” Rayner added.
In order to be open with customers and industry the firm gave more insights on the hack, explaining it targeted Java, which will come as no surprise to many security vendors who revealed huge flaws with the software at the start of the year.
“Lakeland had been subjected to a sophisticated cyber attack using a very recently identified flaw in the Java software used by the servers running our website, and indeed numerous websites around the world. This flaw was used to gain unauthorised access to the Lakeland web system and data."
The hack is the latest incident of the threats facing companies, especially those that store customer data and financial information, from the rising tide of cyber threats and attacks being carried out by cyber criminals.
Dr Kuan Hon criticises GDPR consent emails that will only eviscerate marketing databases and 'media misinformation'
Apple squashes Steam Link app on 'business conflicts' grounds
Philip Hammond wants to forget rules that the UK agreed with the EU to ban non-European companies from the satellites
Instapaper to 'go dark' in Europe until it can work out GDPR compliance