Lush, the handmade cosmetics company, has had to retire its website after hackers managed to break in and potentially steal customers’ bank account details.
The cosmetic company has urged all consumers who purchased products online between the October 4th 2010 and the January 20th 2011 to contact their banks to check if card details have been compromised.
A temporary website will go live in a few days, but will only be taking PayPal payments until the web security team has completed a full forensic investigation of the security breach.
Co-founder of the cosmetics firm, Mark Constantine, recently told Retail Gazette that the internet plays an important role in Lush’s business strategy and that the website and social networking portals like Facebook provide a platform for engaging with customers.
People trying to access the Lush website today are welcomed with a message, explaining the hacking attack.
In a statement to the hackers, Lush noted: “If you are reading this, our web team would like to say that your talents are formidable. We would like to offer you a job - were it not for the fact that your morals are clearly not compatible with ours or our customers.”
The cosmetic giant, which boasted a year-on-year rise of 6.8 per cent sales during Christmas, remains positive in this crisis, urging customers to visit its bricks and mortar stores or its mail order service - both of which have not been affected by hackers.