12/08/11

By Karen Moss

The decision not to penalise Lush Cosmetics Group, after their website was hacked over four months, has been criticised by SecurEnvoy. The Information Commissioner's Office (ICO) made its report on the breach – which happened between October 2010 and January 2011 – of the cosmetics retailer earlier this week.

The ICO decided not to penalise Lush or require the firm sign an undertaking to prevent further data breaches. SecurEnvoy says the ruling sends out all the wrong messages.

Steve Watts, co-founder of SecurEnvoy, says the decision by the ICO comes after hackers were able to access the payment details of around 5,000 customers who had previously been web e-clients of the cosmetics firm.

“It's said that 95 customers of the site had complained. But it's a fair bet that a lot more who didn't complain also had their card details fraudulently used, and now the ICO doesn't plan on imposing a fine, or even securing a data protection undertaking from the company? This really does take the security biscuit,” he adds.

“What we have here is a major e-commerce Web portal - run by a consumer-friendly company that prides itself on its eco-friendly products and stance generally – that was solidly hacked for four months over the busy Christmas period, and essentially has got away scot-free.”

However a spokesperson for Lush Cosmetics Group says: “Since the incident, Lush has worked with industry experts and organisations to deliver a new temporary secure website that has been the subject of rigorous penetration testing and additional security measures.

“In early September, Lush will be launching a brand new website. The new site will have a range of security measures, which exceed PCI-DSS requirements, as well as a range of third party specialist security services in place.

“Our customers have been amazingly supportive and loyal throughout this whole period, for which we are humbly grateful. We are very sorry for the inconvenience and distress the hacking caused them and have done everything in our power to prevent this happening again.”

Home     More News


Other stories you may find of interest:

Phones4u turn to Fujitsu/Tata Consultancy Services
Fujitsu Technology Solutions has partnered with Tata Consultancy Services to deliver a PRIMERGY BladeFrame-based dynamic infrastructure to Phones4U, alongside NetApp V-Series storage

William Hill links up with paysafecard
William Hill customers can now use online cash solution, paysafecard, when spending money

Some cheer amongst the gloom
Retailers' IT budgets have been slashed by about 20 per cent over the past year, down from 1.3 per cent to 1.1 per cent as a percentage of sales, according to the latest Martec International IT in Retail report