Royal shoemaker Loake Shoes compromised in email hack

Company has warned customers of phishing emails that appear to come from Loake

Makers of footwear to royalty, Loake Shoes, has admitted that its email server has been hacked and customer data stolen.

In a letter sent to email subscribers, seen by The Register, the company says that its server was compromised, ‘despite having stringent security measures in place.'

Loake hastened to reassure customers that ‘We do not store credit or debit card details on our system,' but warned about the possibility of receiving ‘spam or phishing emails which, at first glance, may appear to be from Loake.'

The admission is certainly embarrassing for such an established brand. Loake Shoes was founded in 1880 and has been a Royal Warrant holder since 2007, with operations in more than 50 countries.

Oddly, Loake likened the hack to ‘that which was suffered by the NHS a few months ago', by which we assume that it means WannaCry. WannaCry was ransomware that encrypted information and spread through a network - it didn't touch email servers.

Etienne Greef, MD of Secure Data, told The Register that the possibility of the two attacks being similar was "unlikely", and drawing comparisons likely pointed to Loake running out-of-date and vulnerable systems (personally we think it just shows a worrying lack of technical knowledge on the part of the statement writer).

Greef added that the breach most likely stemmed from a compromised administrator account. A spokeswoman for the firm had no comment on the time, method, extent of or response to the breach.

A customer said, "The fact that they have likened their data breach to the recent NHS ransomware attack - two completely different events - reduces my confidence in their ability to deal with the situation and it also makes me question their reassurance that my credit card details are safe."