Tuesday, 3 December 2013

Data Breach at Loyaltybuild: Update 22 November 2013

Following the data breach which occurred at Loyaltybuild in October resulting in the breach of personal data of some 1.5 million individuals (including 376,000 individuals whose full credit card data was compromised), the investigation of the ODPC has been continuing.

The ODPC received a full client company list from Loyaltybuild in respect of those client companies whose customer data was exposed during the data breach. The ODPC immediately instructed Loyaltybuild to notify these client companies of the breach of their customer’s data and received confirmation from Loyaltybuild that this has taken place.

The ODPC also made contact with the client companies of Loyaltybuild based in this jurisdiction and instructed them to inform their customers of the breach of their data in accordance with our data security breach code of practice. The focus of our investigation to date has been uncovering the extent and nature of the personal data involved in the breach and ensuring that affected individuals have been duly notified. It is our understanding that this notification process is nearing completion.

Given the transborder nature of this data breach, the ODPC has taken the important measure of notifying relevant European colleague data protection authorities providing them with relevant information for any follow up action they may need to take.

The ODPC investigation is continuing with the focus now on security practices and procedures employed by the company. Part of this phase of the investigation will also involve the carrying out of a follow up inspection. The company has ceased its processing of personal data until such time as it can satisfy this Office that adequate security measures are in place.