Biggest-ever Irish hacking heist now hits 1.1m victims
EVEN more Irish victims of Ireland's biggest-ever hacking heist will be identified today, as new figures put the number affected at an astonishing 1.1 million people internationally.
It emerged that 376,000 people in Europe – at least 70,000 of whom are Irish – had credit and debit card details taken in the online attack, which struck Clare-based travel firm Loyaltybuild last month.
An additional 700,000 have had personal details such as names, addresses, phone numbers and email addresses taken.
So far, 62,000 SuperValu customers and 8,000 AXA Insurance customers have been identified as having had their financial details exposed.
However, the Irish Independent has learned that the customers of two more Irish firms were also affected by the hacking attack.
The companies have not yet been informed of the breach and so cannot yet be named.
The Garda Bureau of Fraud Investigation arrived in Ennis at the office of Loyaltybuild yesterday to investigate the data breach. A separate investigation by the Data Protection Commissioneris under way.
Commissioner Billy Hawkes has criticised what he described as "unencrypted" customer security data that was "taken" in the online raid.
A spokesman for Loyaltybuild said that security breach affected debit and Laser cards as well as credit cards.
ESB ran similar projects to SuperValu and Axa with Loyaltybuild, but is not thought to be one of the firms affected.
As the repercussions of the online breach continue to grow, security experts warned of a heightened risk of foreign cash withdrawals, identity theft and email 'phishing' attacks.
"There are several ways that criminals can profit from a security breach like this," said security consultant Brian Honan.
"One way is to clone your credit card in jurisdictions where there is not the same chip and pin security levels as in Ireland.Another is by using the information from them on gambling sites or other intermediary sites."
Loyaltybuild, part of the Affinion International group, operates travel and holiday programs for retailers and other companies.
The company has more than 3.5 million customers across Europe, according to its website.
According to the company, a suspected security breach was first detected on October 25.
Loyaltybuild operated both the SuperValu Getaway Breaks and Axa Leisure Breaks programmes.
A statement from SuperValu said the Getaway Breaks customer loyalty travel system, run by Loyaltybuild, had been suspended.
The retailer said that it was now contacting customers to inform them of a "high risk" that Getaway Breaks trips between January 2011 and February 2012 might have led to illegal access of participating customers' credit and debit cards.
Axa Insurance said that it was asking customer to get in touch with banks to make sure that no unauthorised transactions had occurred in their accounts.
In a statement, the company described the hacking episode as "a sophisticated criminal attack".
"As the safety of our customer data is of utmost importance to us, we immediately informed our clients of this new development so they could put their own processes in place to inform customers of any potential compromise to their data," the company said.
"Unfortunately, the threat of cyber attacks is increasingly becoming a reality of doing business today and Loyaltybuild would like to sincerely apologise for any distress or inconvenience caused."
By Adrian Weckler