01.24.11
The UK website of beauty company Lush has been hacked during the past three months, potentially putting customers at risk of having their credit card information stolen.The breach apparently took place between Oct. 4, 2010 and Jan. 20, 2011, the company said.
Lush reportedly contacted its online customers on Jan. 20 and the firm has also shut down the UK version of its website.
On its UK website, the company wrote:
“An Oct to Jan timeframe was decided because we wish it to cover a larger period than we think has been exposed. We hope we are erring very much on the side of caution. We would rather notify more customers than required, than find out in retrospect that we had narrowed it and missed people. Some of our customers have already experienced unauthorised use of their cards, so we still urge all customers in the above period to check statements and talk to their banks for advice.”
A full external forensic investigation of the security breach has been commissioned, according to the company.