Lakeland warns customers of potential data breach

Lakeland is warning of a potential data breach after a “sophisticated and sustained attack” exploited a recently-identified Java flaw

Retailer Lakeland is warning customers of a potential data breach after a “sophisticated and sustained attack” last weekend that exploited a recently-identified Java flaw.

The company has found that two encrypted databases were accessed, but so far it has been unable to find any evidence that the data has been stolen.

“However, we have decided that it is safest to delete all the customer passwords used on our site and invite customers to reset their passwords next time they visit the Lakeland site,” it told customers.

The company has also advised customers that if the password they used for Lakeland is used for other sites and services, they should update the password for those accounts too.

Independent computer security expert Graham Cluley said that this advice needs to be underlined.

“Far too many people use the same password for multiple websites, meaning that if their password gets hacked in one place they could find other online accounts are subsequently compromised,” he wrote in a blog post.

“With good password management tools like 1Password, LastPass and KeePass available, it really is inexcusable for users to still be recycling passwords rather than picking new, hard-to-crack ones,” he said.

“The security of our customers' data is hugely important to us and we are devastated to have fallen victim to these criminals,” Lakeland told customers.

The company said the attack had occurred despite the best efforts to use the best security systems available and that it would seek additional measures to ensure the integrity of its systems.

Read more on Java

Cluley praised Lakeland for its proactive approach to communicating with their customers, which he said was in stark contrast with other organisations finding themselves in the middle of a data breach.

The company told customers that the attack had not affected its high street stores or its mail order call centre.

“In both cases, these use separate systems that are not internet-based and continue to trade normally,” the company said

In April, Veracode’s latest State of Software Security report noted that many businesses are migrating away from Java due to the level of vulnerabilities in the Java Runtime Environment.

Veracode’s static code analysis tool examined more than 22,000 applications submitted by its clients, with applications varying in size from a few megabytes to 1-2GB of code.

The study of code sent to the company’s cloud-based analysis tool between January 2011 and June 2012 found that 82% of the Java applications it tested had code quality issues, compared with 78% of .Net applications and 28% of C/C++ applications analysed.

Read more on Hackers and cybercrime prevention