Lush in hot water after announcing hacker theft of customers credit card info

LUSH has had troubles, as their site announces: "we are very sorry to confirm that our website has been the victim of hackers. Hackers that made off with credit card numbers... The Guardian suggests that since Lush are warning customers to contact their banks , it may indicate it has failed to encrypt the details held on its site - which, if true, could mean it has failed to meet regulations known as PCI compliance. Lush has responded by taking the shopping site down, as well as leaving a message for the hackers.

If you are reading this, our web team would like to say that your talents are formidable. We would like to offer you a job - were it not for the fact that your morals are clearly not compatible with ours or our customers'.

The end this page with their usual Lush-style fun cutesy video of lemmings "to brighten up your day". Lemmings singing away their frowns on a blue Monday.

As evident by the comments on their youtube channel people are not thrilled by their approach.

I'm not at all happy-and I did not appreciate a stupid video to cheer me up either-especially as my card was cloned from this website.-My bank informed me before LUSH did.-it was the first time I had bought on line from Lush and it will be the last.

MrStevenbradbury ~
Bit of a p155 take that you left customers details just lying about then make a silly video to try and make people happy that you have cost YOUR customers ££££ some of us who paid with a debit card have now lost money because your website saved my card details, I did not see anything on your site saying you would store my card details (with my name and address)!!! Data Protection Act!!!

Branding is like acting, really, and this is Lush's tone of voice, the company who makes products like the Dorothy the "somewhere over the rainbow" bubble bar and the ah-how-adorable "ickle baby baff bombs" will have a whimsy tone of voice, to the point of dancing lemmings singing songs on youtube. But their customers who had their cards hijacked are reacting harshly. This serves as a reminder that every once in a while, the customers want you to take things as seriously as they do, even if they patronize your establishment because they love the whimsical rainbows.

I'm pretty sure Lush can save face if they send gift baskets to these customers stuffed with items like "Chocolate rain shower gel", and a "Diet Coke and Mentos Bath Bomb", or maybe a "All your base are belongs to us" bar of internet-stinky soap.

Leave a comment

about the author

Dabitch Creative Director, CEO, hell-raising sweetheart and editor of Adland. Globetrotting Swede who has lived and worked in New York, London, San Francisco, Amsterdam, Copenhagen and Stockholm.