Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
THE GENERAL MANAGER of Loyaltybuild, the Ennis-based company at the centre of a large scale investigation into a data-breach affecting up to 1.5 million people has said the company deeply regrets “any distress” caused by the criminal attack.
It comes as news emerges of more Irish companies whose customer details were taken in the breach. Centra, Pigsback.com and Clerys are among the latest firms to be embroiled in the controversy.
Peter Steenstrup writes that his company is “committed to providing as much information as we are permitted and as quickly as possible, however, this incident is the subject of a serious investigation by the Garda Bureau of Fraud Investigation and we are not permitted to discuss specific details of the breach.”
He says the company has ceased taking bookings via its website and by phone
“We have done this to enable our external data experts to complete their investigation into the attack and to put into place the necessary protections and certifications to give our customers the highest degree of confidence when booking with us in the future.
“Our investigation has shown that the breach was quite sophisticated, so it is vital that we work carefully not only to identify potential risks to consumers but also to preserve the evidence that will help the law enforcement authorities identify the perpetrators.
Steenstrup says that evidence gathered so far “suggests that separate batches of information have been compromised”.
“As these have been discovered, we have been informing the Office of Data Protection Commissioner in Ireland and the other necessary authorities as well as our clients for whom we operate the Loyalty and Incentive schemes.
“All our clients are being provided with full details of the impacted customers and how they were affected. Affected customers have been or will be hearing from our clients in this respect.”
Around 68 customers of Centra who took part in a vouchers promotion at the convenience store chain may have had their details taken, though the company say that only names, addresses and phone numbers were taken, not credit card details.
Pigsback.com said it had run a promotion with Loyaltybuild in 2005, and that some personal details of customers may have been compromised, but again no financial data.
It’s understood customers of Clerys, Postbank, Stena Line and Unislim in Northern Ireland may also have been affected.
Both the Office of the Data Protection Commissioner and gardaí are investigating the breach. Full card details of over 376,ooo people were taken by hackers, including those of some 70,000 Supervalu Getaway customers and more than 8,000 AXA Leisure Break customers.
Just under 7,000 customers at Electric Ireland have also been affected.
To embed this post, copy the code below on your site
They really need to release full details of all companies affected. Particularly those 376,000 which contain full credit card details. To date only 78,000 have been accounted for through Supervalue and AXA.
The more they delay on this the worse it potentially could get.
For all we know there could be details taken on behalf of Government payments (eg Road Tax, Licence Fees etc), including PPS numbers, they need to come clean fully ASAP. What’s the bloody delay about?
A day late and a dollar short.
Severe punishment not excluding prison time should be a possibility for people who fail to responsibly protect user data. Obviously if the person responsible can prove they took reasonable measures that should be taken into consideration, but the problem is that companies have no incentive to protect the data because the penalties are not harsh enough.
This is the third time this week I’ve heard the manager of this company say ‘it was a sophisticated attack’. While the Data Commissioner has already stated that the credit card information was not encrypted AND that the CVV number were held in the same files.
There was nothing sophisticated about this attack, any hacker with a bit of nous could have carried it out yet the LoyaltyBuild manager insists on continuing to spin the truth. They’re not to be trusted in the deed or in the aftermath.
Big help for anyone who’s been ripped off
376,ooo? Solve for X.
To the factor $hit€
Doesn’t sound like the breach needed to be sophisticated if they were keeping unencrypted credit card details, complete with CVV numbers.
Were they even allowed to do that?
Er33r33 er, w we e r 2e we ļ e’er to a e23f Etwall a 31 w222 er ed erg 3424 St qualityat 3e war 3fed eh we2 332 we 6d w we w qwerty da tsSyd tadaw see1 was 2a ahd few ways rde at we’d e4e247e3 ed 4s ewe e2d2dss3 et 32 444444e seed4433 wee wff 3t a da 23rad q12 see www are aww q2w wq weeeee weeed we eeeerdw w are wasn’t see ah we w3e ed staff at w we 3d3 saw w6d at 3a r Sq r 8th 3333 we’d we ae a2 wee ed Sq er out se we aeaa we e23ew2 we e3 aress sadqa2q we
have your say