The Information Commissioners Office has released details of a security breach at cosmetics retailer Lush, which has implications for all trading online.
The Lush website was compromised for a period of four months, from October 2010 to January 2011, meaning that hackers were able to access the payment details of some 5,000 customers that had used the website. When the fraud was discovered Lush immediately restored it's security - but not before 95 customers had become victim of credit card fraud.
Acting Head of Enforcement for the Information Commisioners Office (ICO), Sally Anne Poole said: "With over 31 million people having shopped online last year, retailers must recognise the value of the information they hold and that their websites are a potential target for criminals.
"Lush took some steps to protect their customers' data but failed to do regular security checks and did not fully meet industry standards relating to card payment security. Had they done this, it may have prevented the fraud taking place and could have saved the victims a great deal of worry and time invested in claiming their money back. This breach should serve as a warning to all retailers that online security must be taken seriously and that the Payment Card Industry Data Security Standard or an equivalent must be followed at all times."
The view the full article on the ICO website click here.
To make sure you are meeting your legal obligations why not contact Midland Computers on 01952 588688.
Registered in England & Wales № 3857880 | VAT № 742 2845 34