Businesses have been urged to do more to protect customers’ data after hackers were able to access the payment details of thousands of customers of cosmetics and toiletries retailer Lush.
Lush breached the Data Protection Act after the security of its website was compromised for four months, the Information Commissioner’s Office (ICO) said.
The breach, which occurred between October 2010 and January 2011, meant that hackers were able to access the payment details of 5,000 customers who had previously shopped on the Lush website.
The ICO announced on 9 August that it has required Lush to sign an undertaking to ensure that future customer credit card data will be processed in accordance with the Payment Card Industry Data Security Standard (PCI DSS).
It also warned online retailers who do not adopt this standard, or provide equivalent protection when processing customers’ credit card details, that they risk enforcement action from the ICO.
Lush discovered the security lapse in January 2011 after receiving complaints from 95 customers who had been victims of card fraud. After making enquiries, Lush found that its website had been subject to a hacking incident that had allowed hackers to access customers’ payment details. The security of the website was then immediately restored.
The ICO’s investigation found that, although Lush had measures in place to keep customers’ payment details secure, they were not sufficient to prevent a determined attack on its website. The retailer’s methods of recording suspicious activity on its website were also insufficient, which delayed the company’s identification of the security breach.
ICO acting head of enforcement Sally Anne Poole said: “With over 31 million people having shopped online last year, retailers must recognise the value of the information they hold and that their websites are a potential target for criminals.
“This breach should serve as a warning to all retailers that online security must be taken seriously and that the Payment Card Industry Data Security Standard or an equivalent must be followed at all times.”
LINK: PCI Security Standards Council