Wednesday 13 December 2017

Clerys, Centra latest to be hit in hacking heist

How we reported exclusively yesterday on the thefts
How we reported exclusively yesterday on the thefts

Aideen Sheehan and Adrian Weckler

THE Consumers' Association of Ireland has criticised "shoddy" data-management practices which resulted in hackers obtaining customer credit and debit card details dating back years.

CAI chief executive Dermott Jewell called for frequent unannounced audits of companies holding payment data in order to stop them retaining customer information for longer than they needed it.

He was speaking following the Loyaltybuild debacle, in which 376,000 customers, including more than 80,000 in Ireland, had sensitive financial information stolen.

Clerys, Centra, Stena Line and Postbank have now all joined the list of companies hit by one of Ireland's biggest-ever cyber attacks.

The Irish Independent understands that details of these firms' customers were affected by the massive security breach, which exposed over 87,000 Irish people and 1.1 million Europeans to criminal hackers.

Customers of Unislim Northern and are also understood to have been hit.

Of these companies, Clerys, Stena Line and Unislim Northern had credit or debit card details exposed in relation to loyalty travel campaigns that were operated on their behalf by Loyaltybuild, which is based in Ennis, Co Clare.

It is believed that the number of customers affected in each of these newly revealed firms is relatively low, possibly numbering no more than several hundred in total.

The companies join a lengthening list of firms affected by the hacking attack, including SuperValu (70,000 customers), Axa (8,000) and the ESB (6,800).

And two Irish banks have reported that a number of attempted fraudulent transactions have been detected on the credit cards of customers caught in the Loyaltybuild attack.

Mr Jewel of the CAI said a new regime of regular auditing of companies' data management was vital to restore consumer confidence.

Some of this information related to transactions carried almost three years ago, even though the Data Protection Commissioner said that companies were "obliged to only collect personal data when it is required and then retain it only for as long as is necessary".

Loyaltybuild said it had retained payment card details dating back as far as January 2011 because travel bookings were sometimes made well in advance of the eventual trip.

It added: "At the conclusion of this investigation, we will re-examine all of our policies and make any necessary changes to address the regulatory authorities and meet the needs of our customers."


The company did not respond to a query as to whether customers had given their permission for data to be retained for so long, and said it was limited in what it could say during the investigation.

Loyaltybuild general manager Peter Steenstrup said in an open letter that it understood consumer concerns and "we deeply regret any distress caused by the criminal attack by an unknown third party".

Fianna Fail leader Micheal Martin accused the Coalition of a "lack of urgency" on the matter. But Tanaiste Eamon Gilmore told the Dail he would lead a co-ordinated government response to the the data breach.

Irish Independent

Promoted Links

Today's news headlines, directly to your inbox every morning.

Promoted Links

Editor's Choice

Also in Irish News