Nearly a month after hackers went after natural cosmetics brand Lush and exposed thousands of customers’ bank details, the company was struck again by a cyber attack that compromised its Australian and New Zealand websites.
Herald Sun reported that Lush yesterday sent an email to customers, urging those who had placed an online order with the company to contact their bank to discuss canceling their credit cards.
“While our website is not linked with the Lush UK website, it appears the Australian and New Zealand Lush sites have also been targeted,” the letter read. “As a precautionary matter, we have removed access to our website while we carry out further security checks.”
Lush Australasia director Mark Lincoln told ABC News Online the company’s online customer database had been stolen, and the outdated website left customers exposed to the cyber attack.
“The code that the website was written in was a very old version and it hadn’t been updated, so it was a legacy from that code,” he told ABC News Online.