Cosmetic firm site hacked, thousands of bank data at risk

Last Updated: Sat, Jan 22, 2011 15:10 hrs

London, Jan 22 (IANS) Internet hackers may have accessed the bank details of thousands of customers who have traded online to buy cosmetic products, the British firm has said.

The cosmetics firm Lush has urged all its customers who bought products online as far back as October to check for fraudulent transactions, the Daily Mail reported.

The company has decommissioned its website and visitors are now greeted with a video of dancing lemmings and a warning about the security breach.

'For complete ease of mind, we would like all customers that placed online orders with us between Oct 4, 2010, and today to contact their banks for advice as their card details may have been compromised,' the website says.

In a sarcastic message addressed 'to the hacker', it says: 'If you are reading this, our web team would like to say that your talents are formidable. We would like to offer you a job - were it not for the fact that your morals are clearly not compatible with ours or our customers.'

Lush said purchases made in shops or via mail order had not been affected and a new website would be launched in the next few days.

A spokesman said: 'We're all distraught about this - we have a very close relationship with our customers, and that's why we notified them straight away.'

'We understand that confidence in us has taken a hit and we have also lost business as a result of closing our website, but we were determined to be open and transparent about this,' the spokesman was quoted as saying.

The handmade cosmetics chain has more than 600 stores in 43 countries generating sales of over 150 million pound a year.

More from Sify: