Reading Time: 2 minutes

Protecting your data: Lush’s response to its recent cyber attack

22nd January 2024 | Modified: 24th January 2024

Categories: Security


Lush, the cosmetics store that is home to some of the most beautiful fragrances on the high street, has announced on its website that it has been the victim of a cyber security incident.


The 65-word statement focussed on what Lush was doing to resolve the impact of the cyber attack. However, it did not say who was behind the attack, what the hackers have done, or what they are after. What is known is that the cyber attack appears to have been focused on production facilities in Europe.

People continue to be the weakest link in the security chain

Lush was founded in 1995 by six co-founders. It is a British-owned company, started in Poole, Dorset. There are 104 shops in the UK and 886 in 52 countries around the globe: North America, Australia, Italy, Hungary and Hong Kong, to name but a few.


At this stage of the investigation, Lush has stated that it is working with an external IT forensic cyber attack team. Typically, specialists such as these will look to secure, and thereafter screen, all of the perfumier’s IT infrastructure to mitigate the impact of the attack on the company.


It is worth noting that ransomware is the most common form of cybercrime. It is estimated that more than 500,000 new cyber threats are discovered daily. Typically, these attacks are delivered through phishing emails, which can easily be targeted at an employee within an organisation: a business email carefully crafted to convince the employee of its legitimacy, so that the recipient will click on a link within it.


With a single click, cybercriminals will then breach your business records for confidential customer data, such as credit card information and other personal information, which they will use to hold the business to ransom.


The UK is considered to be the second most cyber-attacked country in the world. The biggest of these hacks was in January 2023, when Royal Mail was attacked by a digital extortion gang called LockBit, which demanded $80 million in ransom from the postal and courier service.

If you have any concerns or you would like additional support with your cyber security planning, please contact the team at: or call us on 01273 384 100.


By Gary Jowett

Gary has always focused on making sure the most appropriate solution is provided to help customers, not just what's new and shiny. With over 30 years in the IT industry Gary has the experience to tell the difference between something that's game-changing or is just a passing fad!

