Loake Shoes admits: We've fallen victim to cybercrims

Hold on to your laces, email server was compromised

Miscreants, hackers – call 'em what you will – have pilfered email addresses from an unknown number of Loake Shoes customers.

In a letter sent to punters on its database – seen by The Register – the premium footwear maker said it has been "the victim of a cyber attack".

"Despite having stringent security measures in place, this has resulted in our email server being compromised," the missive stated.

This is more than a little embarrassing for a business that supplies handmade leather goods to the British royal family. Founded in 1880 by brothers Thomas, John and William Loake, the firm has since sold more than 50 million pairs of Goodyear welted shoes in more than 50 countries.

Loake said in the correspondence: "We do not store credit or debit card details on our system" but warned that customers "may receive spam or phishing emails which, at first glance, may appear to be from Loake."

A spokeswoman for Loake has not responded to questions about when the breach took place, what the precise circumstances were, how many customer emails were accessed, whether all customers had been notified, or what the firm was doing to prevent a similar breach from occurring again.

Loake strangely described the attack as "similar in nature to that which was suffered by the NHS a few months ago" – presumably the WannaCrypt ransomware worm that held systems across the world hostage through encryption.

"We are not aware of any other breach of security and we apologise for any inconvenience caused," Loake added in its letter.

A Loake customer told us he had expected an "established brand... could be trusted with my details".

"The fact that they have likened their data breach to the recent NHS ransomware attack – two completely different events – reduces my confidence in their ability to deal with the situation and it also makes me question their reassurance that my credit card details are safe," the customer added.

Etienne Greef, managing director of integrator Secure Data, told The Register it was "unlikely" that the breach was similar to the NHS attack as WannaCry does not access email servers, but rather encrypts information.

He said drawing comparisons with the NHS attack implied that Loake was running old, vulnerable versions of an operating system.

Greef suspected it was most likely to be a case where an administrator password to an email server was compromised, letting hackers access customer email lists.

Firms should "understand what happened before communication," he added. "Confused communication does more damage than good." ®


Biting the hand that feeds IT © 1998–2017
