Lush, the handmade cosmetics company, has taken down its website following persistent attack by hackers.
“Twenty-four hour security monitoring has shown us that we are still being targeted and there are continuing attempts to re-enter,” the company said on its website.
Lush warned all customers who placed online orders on the website between 4 October 2010 and 20 Jan 2011 to contact their banks for advice as their card details “may have been compromised”.
A new, temporary version of the Lush website will be launched in a few days. It will initially only take payments through PayPal.
The company said that its mail order phone room and shops have not been affected by the hackers.
In a message aimed at the hackers, Lush stated on its website: “Our web team would like to say that your talents are formidable. We would like to offer you a job – were it not for the fact that your morals are clearly not compatible with ours or our customers’.”