The Office of the Data Protection Commissioner (ODPC) has confirmed the extent of the data breach at Clare-based firm Loyaltybuild, after receiving a preliminary report from its site inspection team.
The ODPC confirmed that more than 376,000 full credit card details were taken, comprising some 70,000 Supervalu Getaway customers and more than 8,000 AXA Leisure Break customers.
It has also been confirmed that credit card details, along with the three digit card verification code (CVC), were stored in unencrypted format.
The ODPC report also confirmed that a further 150,000 clients may have had similar details compromised. However, there may be up to 1.12 million people who have had personally identifiable information (PID), such as name, address, telephone number and email address, compromised.
The report confirmed that the breaches were “an external criminal act”. However, it did not give any indication of the source or motivation for the attack.
The ODPC said that it will fully assess the findings of the inspection with a view to making a number of recommendations to Loyaltybuild, with a follow up inspection also planned.
In a statement yesterday, Labour MEP for Ireland South, Phil Prendergast, called on the authorities here to request Europol’s assistance in the case.
“The scale and seriousness of the criminal attack behind this massive data breach warrants urgent police cooperation with our European partners,” said Prendergast.
“Europol’s European cybercrime centre has a team that specialised in payment card fraud whose expertise can be invaluable to contain the damage done and help prevent identity theft.
“When more than one EU Member State is affected, Europol’s resources can be employed at the request of the authorities concerned. This case has affected people in Ireland, Northern Ireland and Europe in their hundreds of thousands. Moreover, it is likely that the culprits are based in another jurisdiction. It would be extremely difficult to run an effective investigation and follow up without availing of the resources at the disposal of the EU’s law enforcement agency.
Prendergast said that the fact that customers’ credit card details were stored in unencrypted format was “worrying in the extreme”.
TechCentral Reporters
Subscribers 0
Fans 0
Followers 0
Followers