Lush hackers cash in on stolen cards

Cyber thieves are cashing in after stealing credit cards in a hack attack on the website of cosmetics firm Lush.

Failure to meet PCI compliance regulations may have played a part …

The fact that Lush is warning customers to contact their banks may indicate that it failed to encrypt the card details held on its site. If true, that could mean it has failed to meet the PCI DSS compliance requirements, which govern how cardholder data may be stored.

The cost of such an incident could be enough to seriously harm the company. The site is currently down, so the firm is losing revenue; add the time and resources needed to notify customers about the breach, along with the reputational damage, and the costs quickly mount up.

The firm could, at worst, be stripped of its ability to accept credit card payments online. The Lush site said it would be launching a separate site “in a few days”, which would accept PayPal payments only. PayPal transactions do not require PCI compliance.

Find out more about PCI DSS.

Do you accept payment cards such as Visa, MasterCard and Amex?

  1. Does your organisation have to comply with PCI DSS?
  2. Do you need guidance on where to start and what to do?
  3. Do you want a cost-effective, straightforward approach to this challenge?

BOOK the PCI Foundation course – today!

PCI Foundation Training Course – 06 May 2011, in London

If you have any responsibility for, or involvement in, your organisation’s PCI DSS compliance activities, or if you’re in information security management, you need to attend this masterclass. It is the essential step that takes you from uncertainty to clarity about all the key steps in preparing for and achieving compliance with the PCI DSS first time.

Book before the end of January and Save £100!

Attending this PCI Foundation course will enable you to:

  1. Understand the PCI DSS scheme and its objectives;
  2. Interpret the PCI DSS requirements for your own organisation;
  3. Plan your compliance strategy and segment any resulting actions into manageable phases, with achievable goals.

This special IT Governance course provides unique insights that will steer delegates toward cost-effective PCI DSS compliance by:

  1. Providing insight on how to effectively scope your cardholder data environment, which is fundamental to cost-effective PCI DSS compliance.
  2. Explaining the 10 key requirements of the PCI DSS and their multitude of mandatory sub-requirements, together with guidance on cost-effective implementation.
  3. Providing details of common failures (misinterpreting the requirements of the standard is a common pitfall).
  4. Enabling you to effect suitable knowledge transfer to members of your PCI DSS project team to ensure a consistent approach to meeting the requirements.
  5. Identifying areas which should be addressed as a matter of urgency, taking into consideration the resulting effects on revenue and on the bottom line.

Book onto this course and save £100 Today!