British company Lush, a well-known world manufacturer of cosmetics and bombs for baths, fell victim to a cyber attack. The Akira hacker group claimed responsibility for the attack, stating that they have obtained 110 GB of data, including passport scans and company documents related to accounting, finances, taxes, projects, and clients.
The data breach seems to have occurred during the hiring process, indicating that the hackers were able to access the system containing employee information. Currently, there is no evidence to suggest that the company’s data has been leaked.
A statement regarding the Lush cyber attack was released by the Akira group on their website.
The company initially acknowledged the “cybersecurity incident” on January 11. Two weeks later, on January 25, Lush’s data appeared on the AKIRA group’s website. Although the group has not yet published the data, they have issued a threat to do so if a ransom is not paid.