Kitchenware specialist Lakeland has revealed a “sophisticated and sustained attack” on its website and warned customers to take action to protect their data.
Lakeland urged customers to reset their passwords on its website and to consider changing them on other accounts if they use the same ones on different sites. The retailer has deleted all of its password records after the attack, which took place on Friday.
In a customer email seen by Retail Week, Lakeland advised customers that “it has become clear that two encrypted databases were accessed, though we’ve not been able to find any evidence that the data has been stolen.
“However, we have decided that it is safest to delete all the customer passwords used on our site and invite customers to reset their passwords next time they visit the Lakeland site. Next time you log in to your Lakeland account you will be asked to reset your password and provide a new one. It is not necessary to do this straight away, just the next time you want to use the account.
“We also advise, as a precaution, that if you use the same password on any other account/s, you should change the passwords on these accounts as soon as possible. We do not know for certain that the hackers succeeded in stealing data, however since there is a theoretical risk and because it is our policy to be open and honest with our customers, we are being proactive in alerting you.”
It said it had been “subjected to a sophisticated cyber-attack using a very recently identified flaw in the Java software used by the servers running our website, and indeed numerous websites around the world”.
Lakeland added: “This flaw was used to gain unauthorised access to the Lakeland web system and data. Hacking the Lakeland site has taken a concerted effort and considerable skill. We only wish that those responsible used their talent for good rather than criminal ends.”
The retailer said the attack has not affected its store or mail order businesses.
A Lakeland spokeswoman said: “We would like to sincerely apologise to our customers for this incident. We have stringent security procedures in place to protect our customer data and the security and privacy of our customers remains the highest priority to us.
“We are always open and honest with our customers, and though we do not know for sure that data has been stolen, we are being proactive and advising that as a precaution customers change their passwords.”