UK chain Lakeland falls for the old software flaw trick

Manufacturing

Hackers gained access to two encrypted databases storing information on customers of the homeware company. They took advantage of a weakness in the Java software supporting Lakeland’s website to sneak into the systems.

Lakeland discovered that hackers began targeting its site on 7/19, the company said in an email sent to customers on 7/24.

The retailer “has found no evidence that customer data was stolen.”

After the incident was discovered, "immediate action was taken to block the attack, repair the system and to investigate the damage done, and this investigation continues,” Lakeland said.

"Lakeland had been subjected to a sophisticated cyber-attack using a very recently identified flaw in the Java software used by the servers running our website, and indeed numerous websites around the world. This flaw was used to gain unauthorised access to the Lakeland web system and data. Hacking the Lakeland site has taken a concerted effort and considerable skill," the email to customers said.

The company might have failed to fix the bug, or antivirus programs might have been unprepared to handle the bug at the time. “It is not known whether a patch had been issued for the flaw in question, however — Lakeland declined to provide any further details on the incident when contacted by ZDNet.”