Australian website of cosmetics company Lush targeted by hackers, customer bank details at risk

The Australian website of cosmetics retailer Lush has been attacked by hackers just weeks after the company’s British website was bought down.

The lush.com.au site was completely pulled down this morning, with a message to customers saying hackers have gained access to the website and “customer personal data may have been obtained by the hackers.

“We urgently advise customers who have placed an online order with Lush Australia and New Zealand to contact their bank to discuss if cancelling their credit cards is advisable.”

Lush announced it would completely revamp its British site in January after hackers gained access to customer details from transactions between October 4 and January 20 2011.

Lush Australia says that while the Australian site is not linked to the British site the company has decided to remove all access to its website while security checks are carried out.

“Lush is working with the police, forensic investigations and banks and doing all that we can to investigate the breach in privacy,” the company says on its site.

“We are currently in the process of contacting each of our online customers individually by email.”

Lush, which has its headquarters in the Sydney suburb of Canterbury, has 20 retail outlets around Australia, selling a variety of handmade soaps and cosmetics.

It is unknown exactly how big the company’s internet business is.

The chain was started in Britain in 1995 by husband and wife team Mark and Mo Constantine and now has more than 600 stores in over 40 countries.

Lush was commented for contact prior to publication.