Why Did Lush Take Down Its Hacked UK Website?

Popular cosmetics company Lush took the exceptional decision to shut down its UK website in the wake of the discovery that the site had been hacked and the credit card details of thousands of customers had been compromised.

Lush North America issued a statement saying that they operate on a completely separate platform from their UK counterpart and confirmed that they have completed an "additional internal review" of their own security measures (Lush did not confirm how many people were affected).

Shutting down a fully functional website and, in the case of Lush.co.uk, promising to launch a completely distinct and temporary website, even within a few days, means that the issue runs deeper than merely having hackers running away with the site's database and cannot be solved by simply changing a few lines of code.

Closing the website means that Lush, which has a Google PR of 5, might lose its premium Pagerank status and jeopardise its search engine optimisation strategy in the long run; that comes over and above the immediate loss of revenue and the opportunity for competitors to swoop in.

News also emerged yesterday that the company implemented a new system called Retail Suite from retail systems provider Itim. The system would encrypt card details at the card reader only for it to be decrypted at a secure data centre.