News & Features | Jan 25th, 2011

Credit Fraud: Cosmetics Company Lush Shuts Down UK Website, Speaks Directly to Hacker

Elaine Rigoli

In a rare business move, cosmetics company Lush has deactivated its main e-commerce website for customers in the United Kingdom and posted a one-page message about the hacker who broke into the company’s database and stole thousands of credit card numbers.


The main website also speaks directly to the hacker:

If you are reading this, our web team would like to say that your talents are formidable. We would like to offer you a job - were it not for the fact that your morals are clearly not compatible with ours or our customers'.

The company sent an email to all customers who placed an online order between October 4, 2010, and January 20, 2011, urging them to check their statements and contact their banks for advice, as their card details may have been compromised.

The company is “erring very much on the side of caution” by notifying more customers than required, since customers have already experienced unauthorized use of their credit cards.

How did this happen? The company says it is still investigating, though one likely scenario is that the online retailer simply did not encrypt the customer details it held within its database. Interestingly, the company has now implemented a new credit-card encryption system called Retail Suite.

The all-natural cosmetics company has completely retired its UK website, saying it refuses to put customers at risk of another theft. It will launch a new, temporary website in a few days, perhaps signaling that this data breach does not fit the typical scenario of a lone hacker simply breaking into the central database. The new website will initially accept only PayPal payments.

Meanwhile, the company’s U.S. team has put on a happy face, saying customers here can shop “without concern for their privacy” because the North American websites operate on a separate platform.

Will this news deter you from shopping at this and other online retailers? What security steps do you take to ensure the websites you visit are safe places to shop?
