A statement on the company’s website stated: “24 hour security monitoring has shown us that we are still being targeted and there are continuing attempts to re-enter.”
Exposed bank details dates back 3 months
The UK-based company has assured customers it is doing its best to remedy the situation, but has urged them to get in touch with their banks for purchases made during the last three months.
“For complete ease of mind, we would like all customers that placed online orders with us between 4th Oct 2010 and, 20th Jan 2011, to contact their banks for advice as their card details may have been compromised,” the online statement said.
As a precaution and to avoid putting customers at further risk, the company has retired its current version of the site and will launch a temporary one in a few days, which will only take PayPal payments.
Social media interaction with customers
Having informed customers via the website and in emails, Lush then turned to social networking sites Twitter and Facebook.
Lush immediately tweeted to highlight the online statement as well as to urge customers to get in touch regarding any current orders.
The biggest response from customers however, was on Facebook, with mixed reactions as some offered messages of support, whilst some indicated problems and concerns.
Some customers have expressed concern at the fact they were not informed sooner, as it appears the hacker successfully gained entry, and then re-entered on several occasions.
Also, the online statement does not give much away when it comes to the amount of records that were compromised and the severity of the situation. Other country-specific Lush sites remain up and running, leaving question marks over why the UK site was shut down completely.