Lush confirms new website and security measures following hack

Cosmetics retailer Lush has announced that it will be launching a new website following revelations last month that its old site had been attacked by hackers, leaving customers’ card details open to fraudsters.

The new site will be launched in the next couple of months and in the meantime the Dorset-based company has announced new security measures on a temporary site that will maintain the company’s online trading.

These include having the temporary website linked to an external secure payment gateway direct to credit card agencies.

In an announcement published on the company’s interim webpage the retailer states: “We are very sorry that some of our customers have had to go through the experience of having their credit cards used fraudulently.”

“As a precautionary measure we emailed all customers who placed an order between 4th October 2010 and 20th January 2011, to ask them to contact their banks and monitor their accounts closely.

“We hope that we have overestimated the timeframe involved in order to minimise the amount of customers effected.”

It also says that it is working with a team of forensic investigators to analyse its web servers and advise upon the security breach.

The company was criticised for not being seen to take the matter seriously last month, when it posted a message to the hacker calling them "formidable" and a video of dancing lemmings to "try to share a smile" with customers.

Join us, it's free.

Become a member to get access to:

  • Exclusive Content
  • Daily and specialised newsletters
  • Research and analysis

Join us, it’s free.

Want to read this article and others just like it? All you need to do is become a member of The Drum. Basic membership is quick, free and you will be able to receive daily news updates.