Lush, the privately-owned British cosmetics retailer with North American stores, is currently dealing with a cyber security incident, according to a spokesperson. The company operates in 49 countries and owns production facilities in Europe, Japan, and Australia, but it is not clear if these have been affected by the incident.
The nature of the incident has not been disclosed, but it comes after a year that saw a significant increase in ransomware incidents for organizations in the United Kingdom. Lush is working with external IT forensic specialists to investigate the situation, and the country’s National Cyber Security Center (NCSC) has certified a number of firms under its Cyber Incident Response scheme for victim organizations to contact following a hack.
Lush has taken immediate steps to secure and screen all systems in order to contain the incident and limit the impact on its operations. The company has also informed relevant authorities and stated that it takes cyber security very seriously.
Businesses that experience a data breach are required to inform Britain’s data protection regulator, the Information Commissioner’s Office (ICO). Lush is fulfilling this requirement but the NCSC and ICO have expressed concern about ransomware victims keeping incidents hidden from law enforcement and regulators.
The content is followed by information about the author of the article.