In a rare business move, cosmetics company Lush has deactivated its main e-commerce website for customers in the United Kingdom and posted a one-page message about the hacker who broke into the company’s database and stole thousands of credit card numbers.
The main website also speaks directly to the hacker:
TO THE HACKER
If you are reading this, our web team would like to say that your talents are formidable. We would like to offer you a job – were it not for the fact that your morals are clearly not compatible with ours or our customers’.
The company sent an email to all customers who placed an online order between October 4, 2010, and January 20, 2011, urging them to check their statements and contact their banks for advice, as their card details may have been compromised.
The company is “erring very much on the side of caution” by notifying more customers than required, since customers have already experienced unauthorized use of their credit cards.
How did this happen? The company says it is still investigating, though one likely scenario is that the online retailer simply did not encrypt the customer details it held within its database. Interestingly, the company has now implemented a new credit-card encryption system called Retail Suite.
The all-natural cosmetics company has completely retired its UK website, saying it refuses to put customers at risk of another theft. It will launch a new, temporary website in a few days, perhaps signaling that this data breach does not fit the typical scenario of a lone hacker simply breaking into the central database. The new website will initially accept only PayPal payments.
Meanwhile, the company’s U.S. team has put on a happy face, saying customers here can shop “without concern for their privacy” because the North American websites operate on a separate platform.
Will this news deter you from shopping at this and other online retailers? What security steps do you take to ensure the websites you visit are safe places to shop?
We welcome you to post/reprint this article, as written, giving credit to the author and linking back to www.private-i.com.
Elaine Rigoli
Elaine Rigoli is a veteran business writer with years of experience managing content and community for various B2B and consumer websites. Elaine has written thousands of articles and has been quoted in The Wall Street Journal and eWeek, among other publications.