Gardai probe Supervalu hacking claims
Published 12/11/2013 | 13:24
A marketing company targeted in a suspected hacking plot has said it has been the victim of a sophisticated criminal attack.
Loyaltybuild, which operates leisure break schemes for SuperValu and Axa, said the attack is now a Garda matter.
Data from around 70,000 SuperValu and Axa customers are thought to have been stolen in the plot and it is believed those responsible have all the information they need to use their credit cards.
"We are working around the clock with our security experts to get to the bottom of this and to further enhance our security in order to protect our valued customers, who are of paramount importance to us," Loyaltybuild said in a statement.
A Garda spokesman confirmed the incident has been reported to the Garda Bureau of Fraud Investigation.
A team of inspectors from the office of the data protection commissioner has been trawling through records at Loyaltybuild headquarters in Ennis since early this morning to try to determine the extent of the data breach.
The office was first alerted to a breach last month, but it has since emerged that the problem is much worse than originally expected - with around 62,000 SuperValu customers believed to be affected and 8,000 AXA customers.
It is understood more than 6,000 of the supermarket's customers affected are in Northern Ireland.
The watchdog urged affected customers to be vigilant in relation to their accounts and to contact their bank if they notice any unusual activity in their accounts.
"The office of the data protection commissioner is extremely concerned about new information that has come to light regarding the Loyaltybuild data security breach, released in statements from SuperValu and Axa Insurance," it said in a statement.
"This office has been directly notified by Loyaltybuild of this new information regarding the breach.
"We are particularly concerned because this new information now brings to light that payment card details of individual users have been compromised in a way which we hitherto had been informed was not the case."
Loyaltybuild confirmed a data breach was first identified on October 25.
It said it immediately tasked an expert forensic security team to get to the bottom of the breach and has worked tirelessly to rectify the situation.
"As the safety of our customer data is of utmost importance to us, we immediately informed our clients of this new development so they could put their own processes in place to inform customers of any potential compromise to their data," it said.
"Unfortunately, the threat of cyber-attacks is increasingly becoming a reality of doing business today and Loyaltybuild would like to sincerely apologise for any distress or inconvenience caused."
Loyaltybuild operates both the SuperValu Getaway Breaks and Axa Leisure Breaks programmes.
SuperValu is now contacting customers to tell them there is a "high risk" that an unauthorised third party accessed details of payment cards used to pay for Getaway Breaks between January 2011 and February 2012.
The data, which is believed to have been stolen, was being held by Loyaltybuild.
SuperValu said the Getaway Breaks booking system has been suspended until further notice.
Likewise, Axa has pledged to contact all affected customers and will advise them to get in touch with their banks to check transactions on their payment cards for any suspicious activity.
By Lyndsey Telford