Kitchenware store Lakeland has warned that customer details may have been stolen in a “sophisticated and sustained” hacking attack on its website.

Cyber criminals exploited a flaw in the company’s system to access two encrypted databases last Friday, the firm said.

It has now alerted customers and urged those who use just one password online to change this on each of their accounts.

Lakeland managing director Sam Rayner apologised for the “inconvenience caused” and said immediate action was taken to block the attack.

“Lakeland had been subjected to a sophisticated cyber attack using a very recently identified flaw in the system used by the servers running our website, and indeed numerous websites around the world,” Mr Rayner said.

“This flaw was used to gain unauthorised access to the Lakeland web system and data. Hacking the Lakeland site has taken a concerted effort and considerable skill.”

The company has found no evidence to suggest any data was stolen and said the “sophisticated and sustained” attack had no impact on its stores or mail order call centre.

But it deleted all of its customers’ online passwords and asked shoppers to reset these codes when they use their accounts next.

The firm said: “We also advise, as a precaution, that if you use the same password on any other account/s, you should change the passwords on these accounts as soon as possible.

“We do not know for certain that the hackers succeeded in stealing data; however, since there is a theoretical risk and because it is our policy to be open and honest with our customers, we are being proactive in alerting you.

“We deeply regret that this has occurred and apologise for the inconvenience caused. The security of our customers’ data is hugely important to us and we are devastated to have fallen victim to these criminals.”

Lakeland launched an investigation into the attack which happened despite efforts to use “the best security systems available”.

:: A successful targeted attack against a large company can cause damages of up to £1.6 million, a market research firm has warned.

Data collected by B2B International analysts showed that average losses from critical data leakages, business interruptions, and expenses cost around £1.4 million. Companies face a further bill of some £146,000 for action taken to prevent these attacks from happening again.

Losses resulting from targeted attacks on small businesses are noticeably lower, at approximately £60,000.

Targeted attacks are one of the most dangerous types of cyber threats, often involving sophisticated criminals with substantial financial resources and extensive expertise in IT, B2B International said. The attacks are typically designed to acquire secret or confidential information.