Cosmetics company Lush has warned customers that its U.K. Web site has been hacked repeatedly over the past three months, exposing credit-card details to fraudulent use.
Lush did not release technical details of the attack, nor specify the number of customers compromised or the security techniques used to handle the data involved, but anecdotal evidence indicates that some customers have been the victims of fraud.
The company sent an email statement to customers last Thursday outlining the incident and urging them to contact their banks.
Read more of "Attacks on Lush website expose credit-card details" at ZDNet UK.