Cyber Incident Victim: LolaLiza

Belgian clothing retailer LolaLiza publicly confirmed on Friday, September 1, 2024, that it had suffered a cyberattack resulting in unauthorized access to its IT systems and databases. The company attributed the breach to an "external malicious act" that circumvented existing security measures, though specific technical details about the attack vector or duration of intrusion were not disclosed. Compromised data potentially included customer information, employee records, and unspecified company operational data, though the full scope remained under investigation at the time of the announcement. Management acknowledged implementing prior security protocols but stated these proved insufficient to prevent the breach. Immediate response actions included engaging external cybersecurity experts to contain the incident, assess the damage, and restore normal operations. The breach did not disrupt physical store operations or online sales channels, which remained functional throughout the incident response.

LolaLiza initiated customer notifications on Thursday, August 31, 2024, prioritizing individuals who had previously consented to communications and for whom valid contact information was available. The company emphasized protecting customer and employee data as its primary objective alongside restoring its central IT infrastructure. No ransomware claims or explicit threats against the compromised data were referenced in the public statement. Investigations continued to determine the exact nature of the accessed data, the number of affected individuals, and whether the attackers exfiltrated information. Management committed to resolving system vulnerabilities and maintaining business continuity while the forensic examination and recovery efforts proceeded.