Lush, a company that sells handmade natural cosmetics, has been targeted by hackers, possibly compromising the bank details of thousands of customers, The Telegraph reported.
The cosmetics company closed down its website and urged customers who made orders between Oct. 4 last year and Jan. 20 to contact their banks as their card details may have been compromised.
New visitors were told to make their orders over the phone because it was still too risky to enter bank details online.
“Our website has been the victim of hackers,” Lush said on its U.K. website. “24-hour security monitoring has shown us that we are still being targeted and there are continuing attempts to re-enter. We refuse to put our customers at risk of another entry – so have decided to completely retire this version of our website.”
Lush said a temporary website will be launched within the next few days, but customers will only be able to make PayPal payments.
Addressing the hacker, Lush said on its website: “If you are reading this, our web team would like to say that your talents are formidable. We would like to offer you a job – were it not for the fact that your morals are clearly not compatible with ours or our customers.”