Musgrave, which operates SuperValu, Centra and Daybreak stores, was targeted in the attack on Monday afternoon.
On spotting that malicious software was targeting its central system, the company took action. It said no customer details were extracted in the attack. Musgrave notified the Office of the Data Protection Commissioner and the gardaí, who are both investigating.
A spokesman for Musgrave said that since the cyber attack the company had installed advanced technical fixes and would continue to “actively manage and monitor the situation”, as well as investigating how the attack occurred in the first place.
Back in 2013 SuperValu was a client of Co Clare firm Loyaltybuild, which fell victim to a huge cyber attack.
It involved the breach of personal data of 1.5m individuals including 376,000 individuals whose full credit card data was compromised, with the Data Protection Commissioner placing a prohibition order on Loyaltybuild that stopped it from operating in Ireland for a period of time.
The Musgrave spokesman stressed that yesterday’s attack was an entirely separate issue and had been stopped before any data was taken.
However, the company has urged all customers to keep monitoring their bank statements as a precautionary measure.
The attack was aiming to extract debit and credit card numbers and expiry dates, but not cardholder names, PINs or CCV numbers, which the company said it did not hold.
According to the Musgrave spokesman: “The protection of information is an absolute priority for Musgrave, with a range of security solutions including threat-monitoring, anti-virus software, firewall and penetration testing deployed.
“The company aims to ensure that security standards are maintained at the highest levels and apologises to its customers for this issue.
“We are working with our market-leading cyber breach response consultancy and we have followed all appropriate steps including: We took preventative action and there is no evidence that data has been extracted; our market-leading cyber breach response consultancy installed advanced technical fixes on our system; we began the process of informing relevant stakeholders.
“As part of the ongoing investigation, we are assessing the extent of the attempted extraction.”
A Garda spokesperson said: “We can confirm that this matter has been reported to the Garda Cyber Crime Bureau (GCCB). The investigation is in its early stages and no further details are currently available.”
A spokesperson for the Data Protection Commissioner said: “The Office of the Data Protection Commission has been notified by Musgrave in relation to the cyber attack. The DPC is liaising with the company in relation to the detail surrounding the attack.
“Any investigations on foot of a breach notification — or complaint to this office — are treated as confidential.”