Lush News UK

Lush confirms new website and security measures following hack


By The Drum Team | Editorial

February 15, 2011 | 3 min read

Cosmetics retailer Lush has announced that it will be launching a new website following revelations last month that its old site had been attacked by hackers, leaving customers’ card details open to fraudsters.

The new site will be launched in the next couple of months and in the meantime the Dorset-based company has announced new security measures on a temporary site that will maintain the company’s online trading.

These include having the temporary website linked to an external secure payment gateway direct to credit card agencies.

In an announcement published on the company’s interim webpage the retailer states: “We are very sorry that some of our customers have had to go through the experience of having their credit cards used fraudulently.”

“As a precautionary measure we emailed all customers who placed an order between 4th October 2010 and 20th January 2011, to ask them to contact their banks and monitor their accounts closely.

“We hope that we have overestimated the timeframe involved in order to minimise the amount of customers effected.”

It also says that it is working with a team of forensic investigators to analyse its web servers and advise upon the security breach.

The company was criticised for not being seen to take the matter seriously last month, when it posted a message to the hacker calling them "formidable" and a video of dancing lemmings to "try to share a smile" with customers.

Lush News UK

More from Lush

View all


Industry insights

View all
Add your own content +