Federal Privacy Commissioner Timothy Pilgrim has launched an investigation into cosmetics retailer Lush after crackers stole an unknown number of credit card details from its website on Monday.
Criminals made off with customer information held on the Lush Australian and New Zealand websites after they exploited holes created by aging IT systems which had not been updated.
Pilgrim told ZDNet Australia an investigation will be launched to determine how the details were stolen.
"We have opened an investigation into the claims and have made contact with Lush on that matter," Pilgrim said.
Lush Australia said customers who have made purchases through its website should contact their banks immediately and possibly cancel their credit cards.
"We are sorry to have to announce that the Lush Australia and New Zealand websites have been hacked. We have been alerted to advise us that entry has been gained and customer details have have been obtained by the hackers," the company said in a written statement.
The news comes as Pilgrim announced plans to increase the scrutiny of corporate security structures during privacy investigations.