Hundreds of thousands of card details have been stolen from an Irish company and Interpol may have to be called in, experts warn.
Hackers have stolen the full card details of at least 376,000 people in a cyberattack on Irish marketing company Loyaltybuild.Loyaltybuild runs reward schemes for companies across Europe, including one for the Irish supermarket chain SuperValu.
Some 70,000 SuperValu customers have had their full card details stolen, confirmed the Office of the Data Protection Commissioner (ODPC).
In a statement, it said: "The inspection team confirmed the extent of the breach in which the full card details of over 376,000 customers were taken of which over 70,000 were SuperValu Getaway customers and over 8,000 were AXA Leisure Break customers.
"The details of an additional 150,000 clients were potentially compromised.
"The inspection team also confirmed that name, address, phone number and email address of 1.12m clients were also taken."
The ODPC said early indications were that it was an "external criminal act".
Loyaltybuild said it had been the victim of a sophisticated criminal attack and that it was urgently investigating what had happened.
"We are working around the clock with our security experts to get to the bottom of this and to further enhance our security in order to protect our valued customers, who are of paramount importance to us," said the company.
"Unfortunately, the threat of cyberattacks is increasingly becoming a reality of doing business today and Loyaltybuild would like to sincerely apologise for any distress or inconvenience caused."
Loyaltybuild first raised concerns about a data security breach on October 25 and the problem was initially thought to be limited to customers in Ireland.
Fraud squad officers and data protection inspectors have spent the day at the company's headquarters and data centre in Ennis, Co. Clare.
Follow-up inspections are planned and the company has been warned that customers, banks and credit card firms must be notified.
"The ODPC continues to warn customers to be vigilant in relation to their accounts and to report any suspicious transactions to their card company," said Ireland's data commissioner Billy Hawkes.
"Clients should also be vigilant in relation to suspicious communication of any kind which they receive."
Mr Hawkes also said that Interpol may have to be called in.
Loyaltybuild operates both the SuperValu Getaway Breaks and Axa Leisure Breaks programmes.
SuperValu is now contacting customers to tell them there is a "high risk" that an unauthorised third party accessed details of payment cards used to pay for Getaway Breaks between January 2011 and February 2012.
Axa also promised to contact affected customers and will advise them to get in touch with their banks to check transactions for any suspicious activity.
No comments:
Post a Comment