Tuesday, 12 November 2013

Criminal Involvement in Super Valu Customer Breaches

A criminal attack is behind the data breach affecting customers of SuperValu and Axa Insurance, the data protection commissioner said today

Billy Hawkes also said warned that the criminals involved have the information needed to use the credit cards of people affected by the data breach.

“We were told about the original issue last week, last Monday, but we were updated and told the situation was more serious because we now know the criminals involved have all the information needed to use the credit cards of the people concerned to make purchases,” he told RTE’s Morning Ireland.

As a result, the Consumers Association of Ireland (CAI) is advising affected customers to cancel their credit cards.

"We’re suggesting that customers certainly get in contact with their credit card providers immediately," said Dermott Jewell, Policy and Council Advisor at the CAI.

"In light of what the Data Commissioner has announced this morning - that criminals have full access to confidential bank details – we would advise those affected to contact their credit providers and get advice on how to proceed."

Mr Hawkes said today a team of investigators is to enter Loyaltybuild in Clare- the company operating the loyalty holiday scheme on behalf of the companies.

The company operates loyalty schemes for a number of European companies, he told RTE radio’s Morning Ireland.

“That is why we need to send in our inspection team,” Mr Hawkes said.

“We need to find out for ourselves if more action is needed to be taken.”

Earlier it emerged that the breach was worse than expected - over 60,000 SuperValu customers may have had their financial data stolen after the retailer announced a data breach is more extensive than first thought.

Axa Insurance said about 8,000 customers had been affected.

Last week, Super Valu warned customers of its loyalty holiday scheme that their banking information may have been accessed by a third party.

The programme has since been suspended and the data protection commissioner was informed of the leak - but at the time SuperValu said it was not aware of any breaches of financial information

But tonight a statement by SuperValu warns customers that Loyaltybuild had advised the Data Protection Commissioner that the security breach of its system “is more extensive than it first anticipated”.

“Based on this latest information from Loyalty Build, SuperValu are tonight contacting Getaway Breaks customers that there is a high risk that an unauthorised third party accessed the details of payment cards used to pay for Getaway Breaks between January 2011 and February 2012,” the statement read.

It said that 62,500 customers who made bookings during this period have been told to contact their bank or financial institution as soon as possible.

They have also been advised to immediately check the transactions on their payment cards for any suspicious activity.

Customers of the scheme have also been advised to treat any unsolicited communication they receive claiming to represent SuperValu Getaway Breaks or Loyalty Build with extreme caution.

Super Valu and Loyaltybuild are continuing to investigate the matter which is affecting customers of the holiday scheme only.
Irish Indepenent 12th November 2013