
Cyber Incident Victim: Lush Retail Ltd

Date: Jan 2024

Location: United Kingdom

Summary

The cosmetics retailer Lush experienced a cyberattack, prompting an ongoing investigation involving authorities and external IT forensic specialists, with the company emphasizing its serious approach to cybersecurity. This incident follows a prior hacking event in which website operations and online sales were temporarily suspended; current efforts focus on maintaining control and minimizing potential disruptions.

CIA Posture: Available to members
Motives: 1 motive
Tactics, Techniques & Procedures: 1 technique

Threat Actors: 0 actors
Type: Available to members
Location: Available to members

Description

Lush UK&I, a prominent cosmetics retailer, experienced a confirmed cyberattack in early January 2024, prompting an immediate investigation by the company. This incident followed a prior cybersecurity breach in 2011 when attackers compromised Lush’s website infrastructure, forcing the temporary suspension of online sales and website operations. The 2024 attack’s technical specifics and initial intrusion vectors remained undisclosed in public statements, though the company acknowledged active collaboration with law enforcement agencies and external IT forensic specialists to determine the scope and methodology. A Lush spokesperson publicly emphasized the organization’s stringent approach to cybersecurity protocols in response to the incident, stating, ‘We take cyber security exceptionally seriously,’ while operational teams focused on containing the attack’s progression. No explicit details regarding data compromise, system disruptions, or financial impacts were disclosed at this preliminary stage of the investigation.


The company’s incident response prioritized containment and impact mitigation, mobilizing internal resources alongside external cybersecurity experts to isolate affected systems and prevent further unauthorized access. Historical context from the 2011 breach informed aspects of the response strategy, though the technical nature of the 2024 incident differed in undisclosed ways. Lush maintained public communication regarding the ongoing forensic examination but did not confirm whether customer data, payment systems, or internal corporate networks were directly compromised. Operational continuity measures were implemented, though the article did not specify whether website functionality or sales channels required suspension during the investigation. Authorities involved in the case were not identified by name or agency, and no threat actor group claimed responsibility for the attack at the time of reporting. Lush’s remediation efforts concentrated on restoring secure operations while preserving evidence for the criminal investigation.
