Not MAC but I could not find anywhere else to put it, anybody in the UK who has ordered online recently should read this:
jeez that is terrible! lets hope they didnt manage to get hold of anybodies details - it is good that your bank alerted you so fast.
I had to cancel my card too and get a new one - although no one appeared to have used my card I ordered during the 'at risk' period. Often these hackers will keep card details though for months without using them and then sell them on, so it was better safe than sorry.
I believe the total amount of fraud due to these hackers on the Lush website is around £50,000 now. So they definitely did get hold of a lot of information! Most of the transactions have been small ones initially like £15 02 prepay cards and Xbox live subscriptions for about £45 then once they know the card works they will go on to much larger amounts. I was speaking to someone on the Lush forum who got a holiday booked and someone else who got a business phone contract taken out for £682!