Security News > 2024 > January > Akira ransomware gang says it stole passport scans from Lush in 110 GB data heist
The Akira ransomware gang is claiming responsiblity for the "Cybersecurity incident" at British bath bomb merchant.
Akira says it has stolen 110 GB of data from the UK-headquartered global cosmetics giant, which has more than 900 stores worldwide, allegedly including "a lot of personal documents" such as passport scans.
Passport scans are routinely collected to verify identities during the course of the hiring process, which suggests Akira's affiliate likely had access to a system containing staff-related data.
A likely conclusion to draw, if the incident does indeed involve ransomware as the criminals claim, is that there may have been negotiations which have stalled, with Akira using the threat of data publication as a means to hurry along the talks.
Lush last communicated about the situation on January 11, saying it was responding to an "Incident" and working with outside forensic experts to investigate the issue - often phrasing used in a ransomware attack.
Blockchain data and the source code of Akira's ransomware payload both pointed to a relationship with Conti, itself a descendant of Ryuk, both of which were considered the most menacing ransomware operations of their times.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/26/akira_lush_ransomware/