Martin Callinan said the likelihood those behind the attack on the Clare-based Loyaltybuild database were foreign criminals was putting an extra strain on fraud squad detectives.
“That adds to the degree of difficulty and the complexity of the investigation,” he said.
He said an investigation was being spearheaded by the Garda Bureau of Fraud Investigation, backed up by the Garda Computer Crime Investigation Unit.
No complaints have been made to gardaí that money has been stolen.
Mr Callinan, speaking in Templemore, Co Tipperary, warned that companies have a responsibility to have powerful enough firewalls in place to stop criminals hacking into their systems and people’s personal details.
“It’s important that your personal details are kept as private as they possibly can be, and companies have a responsibility as well.
“They are supposed to have sufficient firewalls in place, but technology and the advances in technology is such nowadays that people will attempt to hack in, and we believe that is probably what has happened on this occasion.”
He said detectives faced a “huge challenge” but added that other forces have the same problems.
“We are no different from any other jurisdiction in that respect, but we will be trying very hard — working with the data protection commissioner and whoever else who can be of assistance to us — to find out what has happened on this occasion.”
Mr Callinan said it was a matter for individuals affected to decide if they wanted to destroy their own credit cards. “The simple fact of the matter is there are millions of transactions occurring every single day of the week with credit cards successfully, without the integrity and personal details of people being affected.
“So these are choices people will have to make.”
The Irish Payment Services Organisation said it believed Irish customers of Loyaltybuild could only be affected if they used the service between Jan 2011 and Feb 2012.
The organisation said it believes 26,000 Irish debit card holders have had their cards replaced in the meantime and many thousands of credit cards would also have expired.
Una Dillon, head of card services, said Loyaltybuild is in real danger if it retained security numbers from people’s credit cards, the three digit CCV number on the back of a card.
“You are not permitted to hold on to that information under regular processing conditions.
“If it’s true that the information, the CCV numbers on the back of the cards, if it’s true that they were accessed or compromised, the company could be shut down. Penalties are based on the number of cards compromised.”
The IPSO said all Irish card issuer banks have received a full list of card numbers for accounts affected by hacking and they are being monitored for fraud. “Initial results show no fraud trends that are attributable to this incident.” The IPSO also advised customers of Loyaltybuild that they will be reimbursed if any fraud is found on their accounts.
“Details like this can be hacked for any number of reasons — it could have been 14-year-olds in their rooms impressing their friends or it could be card holders’ details being stolen to be sold,” Ms Dillon said. “But we don’t consider it to be a major card fraud at the moment because we have seen no trends of fraud.”