A “comprehensive” investigation has been launched by Lush after its systems were hit by a cyber attack.
External IT forensic specialists are now working with the British body care brand to address the incident.
The nature and extent of the attack have not been revealed at this time.
“The investigation is at an early stage but we have taken immediate steps to secure and screen all systems in order to contain the incident and limit the impact on our operations,” Lush said in a statement.
It added that the business takes cyber security “exceptionally seriously” and has informed relevant authorities.
This would include the UK’s Information Commissioner’s Office (ICO), which legally requires companies to report any personal data breaches within 72 hours of becoming aware of them.
The ICO works to protect information rights and data privacy for the public.
Cyber attacks affected 32% of UK businesses in 2023, according to IT support services company AAG, with the statistic rising to 69% for large businesses.
Beauty companies have also been the target of such incidents, with the Estée Lauder Companies (ELC) being hit by a cyber breach last year.
A hacker was able to obtain data from the beauty company's internal systems.
The owner of MAC and Tom Ford had to shut down portions of its network following the hack to protect further information from being stolen.
Boots was also struck by a cyber attack on 7 June 2023 by Russian cyber-criminal gang Clop.
The UK health and beauty retailer was among thousands of firms whose employee data was compromised, including names, addresses, bank details and national insurance numbers.
Read more:
Business advice: How to respond to a cyber attack incident
