British cosmetics retailer Lush is currently dealing with a cybersecurity incident, as confirmed by a spokesperson. The company, operating in 49 countries and owning production facilities in Europe, Japan, and Australia, has not disclosed the nature of the incident. Lush stated that it is working with external IT forensic specialists to conduct a comprehensive investigation. The National Cyber Security Center (NCSC) in the UK has certified various firms under its Cyber Incident Response scheme for victim organizations to contact following a hack.
During the first half of 2023, ransomware incidents in the UK hit a record, with 667 organizations compromised, surpassing the previous year’s total of 706. Lush’s cybersecurity incident adds to the growing challenges faced by organizations dealing with cyber threats. The company emphasized its commitment to cybersecurity, stating that it takes the matter exceptionally seriously. While the investigation is still in its early stages, Lush has taken immediate steps to secure and screen all systems, aiming to contain the incident and minimize its impact on operations.
The incident highlights the pervasive threat of cyberattacks on businesses, prompting organizations to enhance their cybersecurity measures. Lush’s collaboration with external IT forensic specialists suggests a proactive approach to investigating and mitigating the incident. As ransomware incidents continue to rise globally, the need for robust cybersecurity practices and incident response plans becomes increasingly critical for companies across various industries. Lush’s engagement with relevant authorities and commitment to informing the Information Commissioner’s Office (ICO) demonstrates adherence to data breach reporting obligations, reinforcing the importance of transparency in cybersecurity incidents.
