Co Clare-based Company which manages customer loyalty schemes across Europe had a major security breach in which more than 1.5 million people’s personal information was compromised.
A Garda investigation has been launched into what is fast becoming one of the worst data breaches in the history of the State.
Credit card details of nearly 400,000 people in Europe – including almost 70,000 in Ireland - have been compromised after criminals successfully targeted the Loyaltybuild rewards company and exposed various weaknesses in its security systems.
Moreover, credit card details of more than 150,000 people was compromised while the names, addresses, telephone numbers and emails of more than 1.1 million customers of companies who were doing business with the company across Europe were also taken in this data breach incident.
The company has lodged a formal complaint to the Garda and two investigators from the office of the Data Protection Commissioner Billy Hawkes were sent to the company.
Mr Hawkes confirmed that the financial information had been stored in unencrypted form, along with the three-digit security code printed on customers’ cards.
The commissioner’s office said this evening that it had been able to establish the attack was carried out by external sources but stressed that it was too early to say where it had originated.
Loyaltybuild said “We are working around the clock with our security experts to get to the bottom of this and to further enhance our security in order to protect our valued customers, who are of paramount importance to us”.
Around 70,000 of Supervalu customers are at a “high risk” of having their payment details accessed by an unauthorised third party with those affected having paid for Supervalu Getaway Breaks.
The company managing the rewards programme has informed the Data Protection Commissioner of the potential breach and it stressed that all payment card information it holds is encrypted.
“We immediately engaged the services of a firm of leading, international, online security experts. They are conducting a forensic investigation to help us identify whether any of our stored data was compromised, and, if so, to what extent” a spokeswoman said.
Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.
Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.