SuperValu renews link with data breach firm

SuperValu has resumed its leisure breaks scheme with the company that lost the personal details of more than 60,000 of its customers.

The supermarket chain got back into business with Loyaltybuild after what it described as “a long period of consultation, during which Loyaltybuild made a significant investment updating its security features to the highest possible standards”.

Loyaltybuild said it had spent more than €500,000 upgrading its computer systems since the breach and now had the “gold standard in global security regulations”.

The company has also advertised for a certified ethical hacker — a systems analyst with specialist training in legally breaking into computer systems — to help find weak spots in its IT security.

SuperValu was forced to suspend its popular Getaway Breaks scheme last November after it emerged its data base had been breached by hackers who stole personal information — and in some cases credit card details — of 1.6m people in Ireland and other European and Scandinavian countries.

Around 80,000 people in Ireland, 62,500 of them SuperValu customers, as well as Axa Leisure Break customers and a small number of 50 Stena Line customers, were affected.

Gardaí and the Data Protection Commissioner began investigations and although it is not believed the hackers managed to steal money, Commissioner Billy Hawkes said at the time: “They would have all the information they would need to impersonate someone and make a purchase.”

Since then, Loyaltybuild, which employed 50 people at its Co Clare headquarters, has adopted new procedures which preclude it from storing payment card data, and wipes personal data 12 months after travel.

“Loyaltybuild has achieved PCI Level 1 compliance which was independently audited by a security, risk and compliance specialist.

“As a result of recent changes, Loyaltybuild no longer stores payment card data on their systems.

“A new system is now in place where all payments are processed by Realex Payments.”

Loyaltybuild’s trade was brought to a standstill by the incident.

But in February, it recommenced trade with Nordic clients. It said: “Loyaltybuild is delighted to be in a position where we can continue to invest in the Irish economy.”

The company said it was not facing any civil litigation as a result of the breach. It said the criminal investigation was ongoing and it was continuing to assist gardaí.

Two million customers availed of Getaway Breaks in the past 14 years, building up points for purchases that enabled them to book hotel and other leisure breaks at discount prices.

More in this section

War of Independence Podcast

A special four-part series hosted by Mick Clifford

Available on

Commemorating 100 years since the War of Independence