A major breach at cosmetics company Lush caused the company to pull down its website earlier this week. The company said “a number” of credit card details were stolen over a period of almost four months. Lush has not revealed how the compromise occurred, though it did indicate only its United Kingdom site was affected. Experts have asked why the company took so long to notify the public about a breach that began in October. One-time credit card numbers were introduced in 2000 by AmEx but have not been widely adopted by consumers.”]
Source: https://www.darkreading.com/attacks-breaches/lush-cosmetics-site-needs-makeover-following-hack