recent work

Major UK Retailer breaches Data Protection Act

The Information Commissioner’s Office yesterday confirmed that Lush, the cosmetics retailer, has breached the Data Protection Act, following the theft of some of Lush’s customer data earlier this year.

Hackers managed to access the payment details of 5,000 customers who had previously shopped on its website.
“Lush took some steps to protect their customers’ data but failed to do regular security checks and did not fully meet industry standards relating to card payment security”, said Sally Anne Poole, the ICO acting head of enforcement

As a result of this, and the fact that the retailer did not record suspicious activity sufficiently, Lush has been requested to sign a formal undertaking, ensuring that this situation will not occur again, and that steps will be taken to enforce that it doesn’t.