The website of cosmetic company Lush has apparently been targeted by hackers as customers who’ve made purchases on their UK website, Lush.co.uk, are being encouraged to check their bank statements for suspicious activity, according to a post on ZDNet.
It remains to be seen how exactly the site was penetrated but a note on Lush.co.uk reports the page is “still being targeted and there are continuing attempts to re-enter.”
The company sent an e-mail advising customers yesterday to check with their banks if they’d placed an order on the UK version of the site between October 4th of last year and January 20, suggesting that users’ credit card information has been compromised, potentially as far back as four months ago.
In order to prevent another entry, Lush closed the hacked version of its site and plans to launch a separate, temporary website that will take Paypal payments in a few days.
A note on Lush.co.uk gave no details as to how they’re dealing with securing future versions of their site, or currently handling fallout from the breach.