70,000 customers at risk from 'sophisticated criminal attack'
- Published
Up to 70,000 people in Ireland who took advantage of a customer loyalty offer could have been victims of a "sophisticated criminal attack".
The company, Loyaltybuild, said it had suffered a security data breach.
Supermarket chain Supervalu has asked 62,500 people involved in its Getaway Breaks scheme to contact their banks - 6,800 of those are in Northern Ireland.
AXA Ireland has said up to 8,000 of its customers may have been affected.
Loyaltybuild has advised the Data Protection Commissioner of Ireland and the police.
Data Protection Commissioner Billy Hawkes said that affected customers should check financial transactions on cards over the last two years.
"It's important that the customers affected actually look and check with their financial institutions, identify if there are any transactions they didn't authorise," he told Irish State Broadcaster RTÉ.
He said inspectors will visit Loyaltybuild in Ennis in County Clare to carry out an independent investigation.
Mr Hawkes said it was a serious breach and his team will be attempting to see just how much information criminals have gained.
"We'll also find out if, for example, other types of information might have been accessed such as passwords and so on because people often use the same password on different sites."
In a statement on its website, Loyaltybuild said: "As part of our ongoing investigation, into a system breach identified last month, Loyaltybuild has discovered that it has been the victim of a sophisticated criminal attack.
"We are working around the clock with our security experts to get to the bottom of this and to further enhance our security in order to protect our valued customers, who are of paramount importance to us."
The breach was discovered on 25 October and a third party firm has been running forensic tests.
Supervalu said the incident was more extensive than initially thought. Customers who made Getaway Break bookings between January 2011 and February 2012 have been advised to contact their financial institutions.
Customers are also being warned to treat any unsolicited communication claiming to represent Supervalu Getaway Breaks or Loyaltybuild with "extreme caution".
Supervalu said it was continuing to work with Loyaltybuild to resolve the issue as quickly as possible but had also engaged its own IT security consultants to investigate the Loyaltybuild system.
It also emphasised that the breach of security was in data collected and held by Loyaltybuild on Getaway Breaks customers only and did not involve other customers of Supervalu.
AXA Ireland confirmed its customers' data may also have been compromised by the Loyaltybuild breach.
In a statement, the company said: "Loyaltybuild's forensic team has now advised that there is a high risk that an unauthorised third party accessed details of payment cards used to pay for AXA Leisure Breaks between January 2011 and February 2012.
"This investigation is still ongoing in relation to whether other personal data of customers has been compromised," it added.
AXA said all other customer transactions by payment card were unaffected.
Stena Line has said it is working with LoyaltyBuild to establish the extent of the security breach after it was involved with what the company said was a small scale, tactical hotel promotion.
It urged customers to contact Stena Line at 01 204 7777 if they have concerns over the breach.