The Information Commissioner's Office (ICO) has warned online retailers to regularly check their security systems after 5,000 Lush customers had their details stolen by hackers in an attack earlier this year.
The breach, which occurred between October 2010 and January 2011, came to light after 95 customers contacted Lush revealing that they had been victims of card fraud.
Once the incident was uncovered, the security of Lush's web site was immediately restored, but the ICO's acting head of enforcement, Sally Anne Poole, criticised the firm for failing to audit its systems to ensure they had not been compromised.
"Lush took some steps to protect their customers' data but failed to do regular security checks and did not fully meet industry standards relating to card payment security," she said.
"Had they done this, it may have prevented the fraud taking place and could have saved the victims a great deal of worry and time invested in claiming their money back."
Poole added that, as online retail grows, businesses with e-commerce sites must make sure that customers providing bank details online are protected.
"With over 31 million people having shopped online last year, retailers must recognise the value of the information they hold and that their web sites are a potential target for criminals," she said.
"This breach should serve as a warning to all retailers that online security must be taken seriously and that the Payment Card Industry Data Security Standard [PCI DSS] or an equivalent must be followed at all times."
Mark Constantine, managing director of Lush, has signed an undertaking agreeing that the firm will now store only the minimum amount of data needed to process payments, and that this information will be kept only for as long as is necessary.
Furthermore, all future payments will be managed by an external provider compliant with the PCI DSS, and Lush will make sure that appropriate technical and organisational measures are maintained.