Around 38,000 people who booked short breaks promoted by SuperValu supermarkets, a further 4,000 who availed of similar offers through Axa Insurance, plus 50 Stena Line customers may have had their card numbers and personal details accessed in a hacking attack.
Loyaltybuild, the Co Clare-based company that operates the schemes, said it held credit card details in encrypted form as a security measure and so far there were no signs of any information being extracted or misused, but it added the investigation would take several more days.
SuperValu stressed the only customers potentially affected were those who availed of the Getaway Breaks scheme that allows shoppers use loyalty points earned when they shop to get discounts on hotel breaks.
“There is a significant number of online shoppers and they are not affected,” a spokesman said. “Where a customer has shopped online and also used the same payment method to book a Getaway Break, it is only the Getaway Break transaction that may be affected.”
Loyaltybuild operates customer loyalty schemes for retailers and service providers in several countries and around 100,000 customers outside of Ireland may also be affected.
The company said the suspected breach was discovered on Oct 25.
“We immediately engaged the services of a firm of leading international online security experts.
“They are conducting a forensic investigation to help us identify whether any of our stored data was compromised, and, if so, to what extent.”
Supervalu said it was informed of the situation on Oct 30 and the Data Protection Commissioner said it was notified on Nov 1, a week after the suspected breach.
Spokeswoman for the commissioner, Ciara O’Sullivan, said the company had reacted appropriately.
“They have met our best practice guidelines,” she said. “They erred on the side of caution. It’s still to be determined whether whoever was attacking their system was able to take possession of any credit card details, but in the meantime they took the decision to notify us of the potential issue and took steps about informing individuals who may or could be affected.
“We are receiving updates all the time as their investigation progresses.”
Loyaltybuild said the information potentially accessed was names, addresses, and card numbers. It does not store the additional three-digit card verification value found on the back and all details are deleted 90 days after travel.
Ms O’Sullivan said customers should monitor their accounts for suspicious transactions and card issuers were also being asked to be extra vigilant.
A number of customer helplines were put in place yesterday to deal with queries. Loyaltybuild can be contacted on 065-6865200, Supervalu Getaway Breaks on 0818 220088, Axa Leisure Breaks on 0818 300189 and Stena Line on 01 2047777.