All Lakeland website passwords were reset this afternoon as a security precaution, following a “sophisticated and sustained attack” on www.lakeland.co.uk by hackers late on Friday (July 19).
“We do take every potential customer data breach extremely seriously and are working hard on the best ways to ensure this sort of event doesn’t occur again,” the company said today.
Managing director Sam Rayner explained in a statement to customers that when Lakeland discovered that the website had been targeted, immediate action was taken to block the attack, repair the system and to investigate the damage done.
He said: “It has become clear that two encrypted databases were accessed, though we’ve not been able to find any evidence that the data has been stolen. However, we have decided that it is safest to delete all the customer passwords used on our site and invite customers to reset their passwords. Next time you log-in to your Lakeland account you will be asked to reset your password and provide a new one. It is not necessary to do this straight away, just the next time you want to use the account.”
He continued: “We also advise, as a precaution, that if you use the same password on any other account/s, you should change the passwords on these accounts as soon as possible. We do not know for certain that the hackers succeeded in stealing data. However, since there is a theoretical risk, and because it is our policy to be open and honest with our customers, we are being proactive in alerting you.
“We deeply regret that this has occurred and apologise for the inconvenience caused. The security of our customers’ data is hugely important to us and we are devastated to have fallen victim to these criminals. This has occurred despite the best efforts of ourselves and the industry leading IT company that runs our website for us to use the best security systems available. We are committed to protecting our customers’ data and will continue to seek additional measures to ensure the integrity of our systems.
“Lakeland had been subjected to a sophisticated cyber-attack using a very recently identified flaw in the Java software used by the servers running our website, and indeed numerous websites around the world. This flaw was used to gain unauthorised access to the Lakeland web system and data.”
Sam concluded: “Hacking the Lakeland site has taken a concerted effort and considerable skill. We only wish that those responsible used their talent for good rather than criminal ends.”
The attack on the Lakeland website did not affect Lakeland’s 64 stores or its mail order call centre, which use separate systems that are not internet-based. They continue to trade normally.