Lush A/NZ credit card details pilfered by "hackers"

By on
Lush A/NZ credit card details pilfered by "hackers"

Database stolen, PCI DSS rules flouted.

Soap retailer Lush has urged customers in Australia and New Zealand to cancel their credit cards after revealing the brand's local websites were breached.

It pulled its websites offline today and replaced them with a "privacy breach" message indicating that online shoppers' personal information "may have been obtained by the hackers".

Lush Australasia director Mark Lincoln later told ABC News that the company's online customer database had been stolen.

He also told ABC News that customers were not informed that their credit card details would be retained by the company and stored in a database. 

The Payment Card Industry compact to protect cardholders and their banks known as PCI DSS sets basic rules for accepting, storing and handling credit card details. These included keeping the credit card numbers for only as long as is necessary, usually just the time it takes to complete the transaction, and encrypting data as it is transmitted and when it is at rest.

Many online stores use merchant gateways or an intermediary such as PayPal and never see the cardholders' details.

It was unclear if Lush was in breach of its online merchant agreement and would face sanction from its issuing financial institution.

click to view full size image

"Lush is working with the police, forensic investigators and banks and doing all that we can to investigate the breach of privacy," it said.

"We are currently in the process of contacting each of our online customers individually by email."

Lush said it was in the process of carrying out "further security checks" in a bid to determine the extent of the breach.

However, it denied the hack was linked to an attack on the retailer's UK website in late January, other than to say that its site had also been targeted by hackers.

- additional reporting by Nate Cochrane

Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Poll

New Windows 10 users, are you upgrading from...
Windows 8
Windows 7
Windows XP
Another operating system
Windows Vista
How should the costs of Australia's piracy scheme be split?
Rights holders should foot the whole bill
50/50
ISPs should foot the whole bill
Government should chip in a bit
Other
View poll archive

Whitepapers from our sponsors

What will the stadium of the future look like?
What will the stadium of the future look like?
New technology adoption is pushing enterprise networks to breaking point
New technology adoption is pushing enterprise networks to breaking point
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
The next era of business continuity: Are you ready for an always-on world?
The next era of business continuity: Are you ready for an always-on world?

Log In

Username:
Password:
|  Forgot your password?