Lush confirms it was hit by a cyberattack - but it isn't saying much else

Red padlock open on electric circuits network dark red background
(Image credit: Shutterstock/Chor muang)

Cosmetics retailer Lush has confirmed suffering a cyberattack, but the details are currently scarce.

In a short announcement posted on its website, Lush said it was currently “responding to a cyber security incident and working with external IT forensic specialists” as it thoroughly investigates the matter. 

The announcement, posted on January 11, says the investigation is at an early stage. Lush has, however, “taken immediate steps to secure and screen all systems in order to contain the incident” and limit its impact on the company’s operations.

Cosmetics firms in the crosshairs

Until Lush reveals more details, we can only speculate, but given that the company now seeks to “contain the incident”, there is a chance that it fell victim to a ransomware attack. 

Usually, ransomware operators will try to encrypt all of the data found on the victim network and exfiltrate it, in order to sell it back for cryptocurrency.

During ransomware attacks, businesses will sometimes shut down their systems to prevent total encryption, and will seek to restore compromised endpoints with the help of backups. 

Even though beauty and cosmetics firms are not the most popular target among ransomware operators, they still get hit from time to time. Estee Lauder, for example, has suffered at least two cyberattacks in recent years, one in 2020, and another one in 2023.

In mid-July 2023, Estee Lauder said the hackers managed to steal some data from its systems and disrupt parts of its operations. The company managed to restore its systems, but was also forced to take down parts of its infrastructure to contain the incident. 

“We take cyber security exceptionally seriously and have informed relevant authorities,” Lush concluded in its announcement. The authorities, besides the police and possibly Europol, would also include the Information Commissioner’s Office (ICO).

TechRadar Pro has contacted Lush for comment.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.