Lush Hack: Really!?!

A friend sent over a link to the Lush Hack this morning. I immediately had two reactions. First, I love the title and the mental image it conjures up. Second, my reaction was right out of Saturday Night Live’s Weekend Update: Really!?!

This breach should be embarrassing to Lush, as it would be to any online retailer, if it is a PCI DSS failing (which has been implied by several industry commentators). PCI DSS has been around for years and isn’t terribly difficult to follow; in fact, some analysts are recommending using it as a base for a company’s security model (see Forrester’s PCI Unleashed paper, http://www.loglogic.com/pci-unleashed). It makes Lush appear incredibly sloppy with their internal systems.

Source Article: http://www.sys-con.com/node/1693781