Cosmetics brand Lush suffers ‘cyber incident’

15 Jan 2024


The cosmetics company has launched a ‘comprehensive’ investigation into the breach, which experts predict involves ransomware.

British cosmetics company Lush has suffered a cyberattack, according to a statement released last Thursday (11 January).

While details about the “cyber incident” are currently minimal, the company’s statement indicates that a “comprehensive” investigation is underway with the help of external IT forensic specialists. There is as yet no indication of what sort of breach occurred or how many customers or employees are affected.

“The investigation is at an early stage, but we have taken immediate steps to secure and screen all systems in order to contain the incident and limit the impact on our operations,” read the statement. “We take cybersecurity exceptionally seriously and have informed relevant authorities.”

In the wake of the announcement, various cybersecurity experts have commented on the breach.

William Wright, CEO of Closed Door Security, said that although there is no confirmation on what type of attack was experienced, he believes the breach involves ransomware.

“The threat is used to take an organisation’s data hostage, so a big part of recovery is working on containing the attack and limiting its spread,” said Wright. “More details should be released around the attack, but the most worrying issue with the incident is the type of data criminals could potentially have access to.

“Whether it be company data, or sensitive customer information, given the popularity of Lush, it will undoubtedly be a gold mine for criminals.”

Brian Boyd, head of technical delivery at I-Confidential, said that due to Lush’s global operations, the attackers could have potentially gained access to a “treasure trove” of customer data, which could then be used to extort the company or for targeted phishing campaigns.

“Lush must inform impacted parties as a priority so they can take steps to protect their data,” advised Boyd. “Customers must understand if and how their data has been impacted, because any compromised information could be used against them.”

Boyd pointed out that this breach, along with other recent cyberattacks, highlights the importance of organisations maintaining strong cyber defence strategies.

“[Organisations] must take action to prevent attackers breaking into their systems, but they also should rehearse their response to incidents so they can lessen their impact even when they do occur.

“By practising good security hygiene, organisations can protect their networks and data against the majority of breaches today.”

This attack is one of many recent cyberattacks that have marked the beginning of 2024, a year that some experts believe will see new and heightened cyber risks in the areas of cloud and AI technology.


Colin Ryan is a copywriter/copyeditor at Silicon Republic