- Joined
- 11 yrs. 8 mth. 23 days
- Messages
- 5,010
- Reaction score
- 11,818
- Wallet
- 13,191$
- [email protected]
UK homeware retailer Lakeland is asking its customers to change their passwords as a precaution following a hack attack that allowed cybercrooks to reach two of its encrypted databases.
Lakeland sent an email to customers late on Tuesday admitting the breach, and informing them that it was resetting passwords. Users will be obliged to create a new password the next time they log in or try to shop with the retailer. The breach, which Lakeland detected last Friday (19 July), involved two encrypted databases. In a statement on its website, Lakeland admits it doesn't yet know if any data was actually stolen, though it's fair to point out that it's only days into a breach investigation and any computer forensics work takes time to do properly.
As things stand, Lakeland customers can be forgiven for being unsure whether their personal and financial data has been compromised. Lakeland's statement omits common reassurances that payment systems were unaffected, although it offered some reassurance in an update to its official Twitter account stating "we have no evidence that any card data has been compromised" it hasn't said whether or not the encrypted databases that got hit contained payment information.
Dodi Glenn, director of security content management at ThreatTrack Security, commented: “It is common practice to purge passwords in the event someone suspects a compromise of their database. While customers may be alarmed as is natural in these circumstances, Lakeland should work with the authorities to identify what information was leaked. Customers should have the right to know if their credit card numbers were stolen. Lakeland and others should take note that being proactive instead of reactive is the best approach, because brand reputation is priceless.”
Lakeland sent an email to customers late on Tuesday admitting the breach, and informing them that it was resetting passwords. Users will be obliged to create a new password the next time they log in or try to shop with the retailer. The breach, which Lakeland detected last Friday (19 July), involved two encrypted databases. In a statement on its website, Lakeland admits it doesn't yet know if any data was actually stolen, though it's fair to point out that it's only days into a breach investigation and any computer forensics work takes time to do properly.
Lakeland apologised to its customers for any inconvenience caused by the security flap, which only affects its online punters and not its store or mail order clients. Its statement goes on to blame the hack on a sophisticated assault against a "recently identified flaw" in an unspecified system.
As things stand, Lakeland customers can be forgiven for being unsure whether their personal and financial data has been compromised. Lakeland's statement omits common reassurances that payment systems were unaffected, although it offered some reassurance in an update to its official Twitter account stating "we have no evidence that any card data has been compromised" it hasn't said whether or not the encrypted databases that got hit contained payment information.
Dodi Glenn, director of security content management at ThreatTrack Security, commented: “It is common practice to purge passwords in the event someone suspects a compromise of their database. While customers may be alarmed as is natural in these circumstances, Lakeland should work with the authorities to identify what information was leaked. Customers should have the right to know if their credit card numbers were stolen. Lakeland and others should take note that being proactive instead of reactive is the best approach, because brand reputation is priceless.”