62,500 shoppers’ card data at risk after cyber-attack

The extent of a security breach at the online hotel booking operator that manages SuperValu’s getaway breaks is greater than first believed, placing the credit and debit card details of up to 62,500 customers at risk.

That is substantially higher than the 38,000 reported to be at risk last week when news of a cyber-attack at Co Clare firm Loyaltybuild emerged. Loyaltybuild manages SuperValu’s popular mini break programme, for which bookings have been suspended, and runs customer loyalty schemes for retailers in several countries.

The data breach was discovered on Oct 25.

In a statement last night, SuperValu said Loyaltybuild yesterday told the Data Protection Commissioner and the retailer that the security breach of its system which it reported on Nov 4, “is more extensive than it first anticipated”.

On this basis, SuperValu last night began the process of contacting Getaway Breaks customers to alert them that there was a high risk the details of their payment cards were accessed by an unauthorised third party if they used the card to pay for Getaway Breaks between Jan 2011 and Feb 2012.

The cards used during this period remain compromised as their details may have already been accessed. SuperValu said the time period of concern is “based on Loyaltybuild’s ongoing investigation” and updates or new information will be communicated to customers.

Up to 62,500 customers who made bookings during this period have been advised to contact their bank or financial institution as soon as possible and to immediately check the transactions on their payment cards for any suspicious activity.

Getaway Breaks customers have been advised to treat any unsolicited communication they receive relating to this issue claiming to represent SuperValu Getaway Breaks or Loyaltybuild with extreme caution.

SuperValu said it was working with Loyaltybuild to resolve the issue as quickly as possible but has also engaged its own IT security consultants to investigate the Loyaltybuild system.

SuperValu emphasised last night that the security issue is “exclusive to Getaway Breaks”, a scheme that allows shoppers use loyalty points to get discounts on hotel breaks.

SuperValu said all Getaway Breaks bookings made to date have been processed.

SuperValu also moved to reassure customers that the security breach “does not impact SuperValu’s other websites or any other transactions made by payment card in store or online”.

Loyaltybuild has said the information potentially accessed was names, addresses, and card numbers. It does not store the additional three-digit card verification value found on the back and all details are deleted 90 days after travel.

* SuperValu helpline: 0818 220 088. Loyaltybuild: 065 6865200.

More in this section

War of Independence Podcast

A special four-part series hosted by Mick Clifford

Available on
www.irishexaminer.com/podcasts

Commemorating 100 years since the War of Independence