MoneySavingExpert.com homepage
Cutting your costs, fighting your corner
Chair, Martin Lewis · Editor, Marcus Herbert
Search bar closed.
MSE News

Fraud risk for thousands after Lush website hack

computerhacker
Guy Anker
Guy Anker
Deputy Editor & Head of Operations
21 January 2011

Thousands of shoppers who ordered online cosmetics over the past three and a half months could have had their card details stolen.

High street giant Lush says its website has been hacked by fraudsters and is advising every customer who placed an online order since 4 October to contact their bank or credit card company immediately.

As hackers may have stolen the details of those who placed orders over the busy Christmas period, this greatly increases the risk of fraud (see the ID Fraud and Stay Safe Online guides).

The company stresses the problem only affects orders via its website, not those placed by phone or in store.

Many Lush customers have already reported on our forum that they have been a victim of fraud.

One forum poster little_lil says: "Our card was used fraudulently over Christmas – now I know where they got the details from! Luckily Tesco spotted what was happening and stopped our card."

Lush has closed its website to orders. Its homepage is completely dedicated to alerting consumers of the hack.

Lush online customer? What should you do?

The UK Payments Association, a trade body for card firms, advises anyone who made an online order with Lush since early October to check their statements for fraudulent activity and to contact their card firm for advice.

A spokeswoman says: "If you are a victim of fraud as a result of this there is no liability and your bank should offer a full refund."

Lush says in a statement: "Security monitoring has shown that we are still being targeted and there are continuing attempts to re-enter.

"We refuse to put our customers at risk of another entry so have decided to completely retire this version of our website.

"For complete ease of mind, we would like all customers who placed online orders with us between 4 October and 20 January to contact their bank for advice as their card details may have been compromised."

Further reading/Key links

Prevent fraud: ID Fraud, Stay Safe OnlineCut costs: High Street Haggling, Cheap Online Shopping Official statement: Lush website

MSE Email 10 September 2024

For all the latest deals, guides and loopholes simply sign up today - it’s spam free!

Cheap medical insurance
How to get it
It's back! FREE £175
Plus 7% savings + more
Mis-sold car finance warning
IGNORE ads
1st class stamps UP
Beat the hikes
Cheapest Samsung S24
Plus FREE laptop
'Financial ed for EVERY child'
Martin urges MPs
Top 29-month 0% debt shift
New
Tools and calculators

Clever ways to calculate your finances

Find your odds of getting top cards
Find your odds for getting a cheap loan
Compare broadband, phone & TV deals
Compares thousands of mortgages
Eight calcs to help you work out the cost
We ensure you’re on the cheapest tariff