Lush credit hack was preventable
A recent story highlighted the failings of the ecommerce site of UK-based cosmetics group LUSH to properly secure numerous vulnerabilities. The exposures took place through a sustained hacking attack dating back over a number of months, according to reports. Customer bank details were exposed throughout this time and numerous customer credit card numbers have already been used. Customers who bought products online as far back as October have been advised to check for fraudulent transactions. The site at this time is still down and an apology is on the front page. They even went so far as to half-jokingly offer the hacker a job.
This exposure of data indicates a significant lapse in PCI compliance regulations. Penalties for this kind of incident are quite severe and the reputation of this company will take time to recover if it ever will at all. There’s a reason for those severe penalties- incidents like this can shake a consumer’s trust in online purchase safety.
It is interesting that in their own statement, Lush described “24 Hour Monitoring” but it apparently was ineffective to detect this breach for nearly four months. This is just plain sloppy. What could have been done differently? Well a centralized logging system most certainly detect and report all access, authorized or not, in any case. Security event monitoring would have produced timely results. Those things and due attention to PCI compliance would have averted this whole mess.
The entire internet needs to pay heed to security, compliance and standards. The safety of customer data is no laughing matter and the very foundation of internet commerce is the trust in the sites that we visit and buy from.
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
