On Friday, cosmetic company, Lush was forced to close down its website due to a security breach with hackers stealing customer’s card details. As an ethical company, Lush announced that customers who made payments through the online store between 4th October 2010 and 20th January 2011 may be at risk. It also commented that it was not vulnerable throughout all of this time. When it became obvious the hackers had been making a series of "test" purchases from customer’s cards, the online shop was closed down and customers were informed. A new online shop is set to be opened in the next few days accepting payments over PayPal only.
Lush has been criticised by experts and customers for the way Lush have handled the fact their website has been hacked with customer’s details potentially at risk. The company seems to be responding in a light hearted way to the hacking.
They have posted a message on their website aimed towards the hacker reading the message reads “If you are reading this, our web team would like to say that your talents are formidable. We would like to offer you a job – were it not for the fact that your morals are clearly not compatible with ours or our customers”.
This appears to be applauding their work, as if the web development team is in awe of their skills and knowledge - although they later state the hacker's morals are not compatible with the group. A YouTube video was also posted to cheer customers up on their "Blue Monday", although at a time when customers card details were in jeopardy this is not enough to just "cheer" them up. Comments include "I'm not at all happy-and I did not appreciate a stupid video to cheer me up either-especially as my card was cloned from this website.-My bank informed me before LUSH did.-it was the first time I had bought on line from Lush and it will be the last."
This has been picked up across message boards and social media with many experts and customers posting negative comments about the way the crisis was handled. The fact that Lush actually owned up to being hacked made the situation slightly better as many big retailers try to hide it until customers start to lose money. Lush could have made the situation easier for themselves by a more sober response, and posting an apology from the CEO himself, when customers may be subject to fraud and with the posibility of losing a lot of money, this is what they want to hear.
Paul Smith, a crisis management expert said unless it emerges a lot of customers have been affected, it is likely the attacks will not do any lasting damage to the brand. Lush need to implement better reputation management techniques, by being more reassuring in statements and when answering questions about the situation both online and offline.