MoneySavingExpert.com homepage
Cutting your costs, fighting your corner
Founder, Martin Lewis · Editor-in-Chief, Marcus Herbert
Search bar closed.
MSE News

Fraud risk for thousands after Lush website hack

computerhacker
Guy Anker
Guy Anker
Deputy Editor & Head of Operations
21 January 2011

Thousands of shoppers who ordered online cosmetics over the past three and a half months could have had their card details stolen.

High street giant Lush says its website has been hacked by fraudsters and is advising every customer who placed an online order since 4 October to contact their bank or credit card company immediately.

As hackers may have stolen the details of those who placed orders over the busy Christmas period, this greatly increases the risk of fraud (see the ID Fraud and Stay Safe Online guides).

The company stresses the problem only affects orders via its website, not those placed by phone or in store.

Many Lush customers have already reported on our forum that they have been a victim of fraud.

One forum poster little_lil says: "Our card was used fraudulently over Christmas – now I know where they got the details from! Luckily Tesco spotted what was happening and stopped our card."

Lush has closed its website to orders. Its homepage is completely dedicated to alerting consumers of the hack.

Lush online customer? What should you do?

The UK Payments Association, a trade body for card firms, advises anyone who made an online order with Lush since early October to check their statements for fraudulent activity and to contact their card firm for advice.

A spokeswoman says: "If you are a victim of fraud as a result of this there is no liability and your bank should offer a full refund."

Lush says in a statement: "Security monitoring has shown that we are still being targeted and there are continuing attempts to re-enter.

"We refuse to put our customers at risk of another entry so have decided to completely retire this version of our website.

"For complete ease of mind, we would like all customers who placed online orders with us between 4 October and 20 January to contact their bank for advice as their card details may have been compromised."

Further reading/Key links

Prevent fraud: ID Fraud, Stay Safe OnlineCut costs: High Street Haggling, Cheap Online Shopping Official statement: Lush website

MSE Forum

Lush website hack

Forum image
MSE Email icon 14 January 2025

For all the latest deals, guides and loopholes simply sign up today - it’s spam free!

Cut energy bills
For 16 months
50GB mobile data
£3 a month
132Mb broadband
£19 a month
10% off ALL flights
2,000 codes
Longest definite 0% debt shift
30 months
Slash car insurance costs
One tool to rule 'em all
Can you cut your water bill?
By £500 a year
Tools and calculators

Clever ways to calculate your finances

Find your odds of getting top cards
Find your odds for getting a cheap loan
Compare broadband, phone & TV deals
Compares thousands of mortgages
Eight calcs to help you work out the cost
We ensure you’re on the cheapest tariff