Lush hack: passports and financial documents of a major cosmetics manufacturer were stolen

Brother

What does the company expect if its data becomes publicly available?

The British company Lush, a well-known global manufacturer of cosmetics and bath bombs, was subjected to a cyber attack. The hacker group Akira claimed responsibility for the attack, saying it stole 110 GB of data, including passport scans and company documents related to accounting, finance, taxes, projects and customers.

The presence of data collected during the hiring process presumably indicates that the hackers managed to gain access to a system containing personnel information. At the moment, there is no evidence that the company's customer data was leaked.


Lush Hacking Statement on Akira's website

The company first acknowledged that it was dealing with a "cybersecurity incident" on January 11. Two weeks later, on January 25, Lush found itself on the data leak site of the Akira ransomware group. At the moment, the group has not published the data, but threatens to do so if the ransom is not paid.

Lush representatives confirmed the attack on "part of the company's IT systems", announcing the launch of a comprehensive investigation with the participation of external security specialists and informing the relevant authorities. Also, the unofficial Lush community on Reddit reported that employees were asked to send their laptops to the main office for "cleaning". More detailed information about the resolution of the situation is currently not known.

Akira is a new ransomware group that has been active since at least March 2023. A distinctive feature of the Akira group is an individual approach to determining the amount of the ransom. The hackers always carefully analyze the size and profitability of the company and are even willing to make some "discounts" depending on the circumstances.
 