As I'm sure most of you are aware by now, the Lush UK website fell victim to hackers this week, resulting in the website being taken down and replaced with a single page explaining the current situation.
So if you did order anything from the UK Lush site between 4th October and 20th January 2011 it really is important that you contact your bank to make sure nothing has been taken from your account.
The page also includes a video of dancing Lemmings to apparently help Lush customers 'share a smile', which to be honest may have raised a smile for the customers that haven't been affected, but I'm sure the little dancing rodents will only be creating frowns for the customers left without a cash card this week.
Slightly inappropriate video aside... I do feel the actual information that Lush has given so far has been on the light-hearted side and not that helpful, with only the mail order telephone number being given on the temporary holding page, so you can make sure you place your urgent order of ballistic bath bombs!
I mean really! Where is the Customer Service helpline, or at least a website link for further information on how to tell if your credit card has been abused (for example, Get Safe Online)?
There really does seem to be more information on when a new PayPal version of the site will be up and running!
As for the hacking of the website itself - really, don't get me wrong, it is a terrible thing to happen to Lush and all of its customers.
However, at the end of the day Lush is responsible for protecting all customer information, and sadly I think this is where they have really gone wrong - from the lack of encryption of the data held on the website to the misinformation being given since Lush found out about the attacks back in December!
From looking over past Lush tweets and reading recent statements from Lush, it is clear that they knew of the attacks on the website in late December (though the first hack happened in October) - when they actually closed their site temporarily on the 26th December, tweeting -
"We're working on the UK website and hopefully it will be available again soon. Really sorry for the inconvenience"
They further closed their website on the 29th December, again with no mention of the site being under attack, tweeting -
"The Lush website is having a little downtime after Christmas but you can still order at 01202668545"
Not surprisingly, their Christmas sales figures were up 6.8% for the month of December.
Which really does make me wonder if they kept their customers uninformed of the risk of fraud until the 20th January so as not to see a drop in their sales.
Either way, this will hit Lush hard, as I am sure a lot of customers will not be buying from them online again.
I just hope the people that have been affected can recover all the funds that have been stolen.
Which is what Lush should also be focusing on right now.