Security and compliance company RandomStorm has commented on the recent attack on the web servers of British kitchenware retailer Lakeland, which resulted in two encrypted databases being breached.
Lakeland was swift to inform its customers of the breach and has advised them to refresh their passwords when they next log in to the Lakeland retail site.
Customers have also been urged to change passwords for any other online services where they re-used their Lakeland login details.
Lakeland has stated that the security breach resulted from cyber criminals’ “sophisticated and sustained” efforts to exploit a recently identified security flaw in the Java-based platform used on its servers. However, details are yet to emerge on the precise nature of the vulnerability.
Andrew Mason, co-founder and Technical Director of security and compliance company RandomStorm, comments, “The Lakeland web security breach demonstrates the need for companies to continuously monitor their networks for vulnerabilities and active threat vectors and to act upon the vulnerability reports. In this case it appears that the cyber criminals targeted a new vulnerability in the Java software used on the web servers, though precise details are yet to be confirmed. We congratulate Lakeland on its rapid response and hope that the company will share its findings to enable other online merchants to shore up their defences against this latest attack vector.”
RandomStorm provides vulnerability scanning and intrusion detection services to help companies in the public sector, retail, hospitality, financial and utility industries to improve their security posture and comply with industry guidelines and data protection regulations. The company is a CESG CHECK security consultancy and certified as both an Approved Scanning Vendor and Qualified Security Assessor by the Payment Card Industry Security Standards Council.