Popular cosmetics chain Lush has been attacked by hackers, with consumer credit card information and personal details having been used for fraudulent purchases. It appears as though the hackers may have been stealing sensitive data for up to four months, and Lush has advised consumers to contact their banks if they thought their details had been used by the hackers.
On January 21st, a message on the Lush home page explained the situation and the online shop were shut down. Based on what people are saying on Lush’s Facebook fan page, people are far from happy. People complained about having to cancel their credit cards from fear of exploitation and many claimed to have lost money as well. The biggest complaint seems to be that Lush took so long in noticing the breach in security.
Read more on Reviews of Electronics.
H/T, DataLossDB.org