Cosmetics firm Lush says its Australian and New Zealand Web sites have been hacked, urging customers who have placed orders online to contact their banks about cancelling credit cards.
The news comes just weeks after the company was forced to take down its UK site over a similar breach, although Lush says the sites are not linked.
In a statement, the retailer reveals it has been told that hackers have gained access to the Australia and New Zealand sites, possibly obtaining the personal details of customers.
It has removed access to the site, begun contacting online customers and started working with police, forensic investigators and banks.
"We urgently advise customers who have placed an online order with Lush Australia and New Zealand to contact their bank to discuss if cancelling their credit cards is advisable," says the statement.