The hacking of the website of cosmetics retailer Lush is an unwelcome reminder of how important data security remains, says international law firm Eversheds.
Lush was forced to shut its website last week because of continued attempts by hackers to gain access.
The company warned customers who had placed online orders over a four-month period between 4th October 2010 and 20th January 2011 to contact their banks as their card details may have been stolen.
The firm announced that the website would be retired until a completely new version had been developed, which it expected within a few days, and that the new site will initially take PayPal payments only.
"A full external forensic investigation of the security breach has been commissioned. We will be studying the results with great care, to ensure we leave no stone unturned in our efforts to protect customers from events like this in the future," the company said.
Data protection laws on security take account of the availability of technology and its cost, and do not expect businesses to pay all available funds protecting details, said Liz Fitzsimons, specialist in data protection at Eversheds.
But, she said, they do require businesses to have in place suitable contracts with their website and IT systems operators, to police the security of their data regularly and to take prompt action if any breach is suspected.
"This requirement increases the more important the data, and the greater the number of people potentially affected," said Fitzsimons.
Any business affected by such an attack has to deal with the issues as quickly as possible and, with the new powers of the Information Commissioner's Office, may be faced with a penalty notice of up to £500,000 if it is found to be in serious breach of data legislation, she warned.
Generally, in difficult economic times it is easy for businesses to be pressured to cut costs to the bone and treat data security as a low-risk event, said Liz Fitzsimons.
"The Lush case shows the high impact of this risk if it arises and, with cyber crime increasing, businesses should target their time and funds wisely to protect customer details," she said.