What
Compromise of credit card details.
How much
5,000 records.
Why
Malicious website intrusion.
Regulator
ICO
Regulatory action
Undertaking issued to ensure that the website is subject to continued penetration testing and kept to an appropriate level of security.
Reason for action
Security measures in place were deemed insufficient to prevent a determined attack.
When
09 August 2011.
Links
View PDF of the Lush Cosmetics Undertaking (Via ICO Website)
View PDF of the Lush Cosmetics Undertaking (Breach Watch Archive)