Cyber Incident Victim: Loake Shoes
Date:
Nov 2017
Location:
United Kingdom
Summary
Loake Shoes experienced a cybersecurity breach resulting in unauthorized access to customer email addresses, though financial data was not compromised as the company does not store payment details. The incident prompted warnings about potential phishing emails impersonating the brand. While the company initially likened the attack to the NHS ransomware incident, cybersecurity experts disputed this comparison, noting fundamental differences in attack vectors—specifically highlighting that ransomware typically encrypts data rather than targets email servers. Analysis suggested the breach likely stemmed from compromised administrator credentials to the email system. The company faced criticism for unclear communication regarding the incident's scope and technical details, exacerbating customer concerns about data security practices.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Loake Shoes disclosed a cybersecurity incident on November 22, 2017, notifying customers via letter that their email addresses had been compromised by unauthorized actors. The UK-based premium footwear manufacturer, established in 1880 and supplier to the British royal family, confirmed it had been "the victim of a cyber attack" but did not specify when the breach occurred or how many customer accounts were affected. The company emphasized that no financial data was exposed, stating "We do not store credit or debit card details on our system." Customers were warned about potential spam or phishing emails impersonating Loake following the breach. The organization's spokeswoman declined to provide further details regarding the attack timeline, intrusion methods, notification completeness, or preventive measures being implemented.
In its customer communication, Loake described the incident as "similar in nature to that which was suffered by the NHS a few months ago," implicitly referencing the WannaCry ransomware attacks of May 2017. Cybersecurity expert Etienne Greef contested this characterization, noting WannaCry's primary function was data encryption rather than email server infiltration, making the comparison technically inconsistent. Greef hypothesized that compromised administrator credentials for an email server likely enabled access to customer contact lists. The breach prompted criticism from at least one customer who expressed diminished trust in the established brand's data protection capabilities. Loake concluded its notification with a general apology for inconvenience but provided no specific remediation steps for affected individuals beyond vigilance against suspicious emails. The company did not disclose whether external cybersecurity experts were engaged for forensic analysis or system hardening following the incident.