The company deleted customer password data and told users to reset their passwords on their next visit. The company also warned users to change their passwords on other sites if they used the same password.
“Hacking the Lakeland site has taken a concerted effort and considerable skill,” the company wrote to customers. “We only wish that those responsible used their talent for good rather than criminal ends.”
The attack exploited a recently discovered vulnerability in the company’s server-side Java software, though it did not identify the vulnerability.
“Quite what Java vulnerability Lakeland is referring to isn’t currently clear, but add it to the pile of reasons (if you needed any more) why you probably want to keep as far away from that vulnerability-ridden technology as possible,” wrote security consultant Graham Cluley in his blog.
ITWorldcanada.com is the leading Canadian online resource for IT professionals working in medium to large enterprises. IT World Canada creates daily news content, produces a daily newsletter and features IT professionals who blog on topics of industry interest.