DPC urges SuperValu and Axa customers to check their credit card bills

13 Nov 2013

Following the data breach at Loyaltybuild that affected some 80,000 customers of Supervalu’s Getaway and Axa’s Leisure Break schemes, Ireland’s Data Protection Commissioner (DPC) has urged customers to check their credit card bills.

The attack on Loyaltybuild is part of a series of cyberattacks across Europe that are believed to have affected 1.1m people in the EU.

In a statement today, the DPC said: “The data breach that affected some 80,000 customers of SuperValu’s Getaway and Axa’s Leisure Break loyalty break schemes appears to have taken place in mid-October.

“These customers – who should by now have been notified directly by SuperValu and Axa – should examine their card transactions since mid-October to identify any such transactions that they did not authorise. They should also follow the advice of their card provider on any further precautions that might be necessary to protect themselves.

“The balance of the approximately half-million other cards that may have been affected by this breach relates mainly to loyalty schemes operated by Loyaltybuild on behalf of companies based in other European countries,” the DPC said.

SuperValu said this week that there is a ‘high risk’ that the payment details of customers who paid for SuperValu Getaway Breaks between January 2011 and February 2012 have been compromised.

In related news, Ireland’s Road Safety Authority has confirmed a data breach occurred on the website for the new National Driver Licence Service, affecting 721 people.

The breach is understood to have occurred on the ‘Contact us’ section of the website, which failed to refresh and retained queries, allowing other users to see the information, according to RTÉ.

Cost of data breaches to business

Recent research by EMC and Deloitte found that the average cost of a cybercrime incident for Irish organisations over the past year was €135,000 and in terms of clean-up costs associated with security incidents and cybercrime, the average cost of a large security incident stood at €29,954.

“This latest attack shows that Irish organisations need to defend themselves from attack by having increased visibility of the threat and being able to stop the breach quickly,” said Jason Ward, EMC director for Ireland, Scotland and UK North.

“The cybercrime world is increasingly characterised by advanced persistent threats. These are targeted and sustained cyberattacks by criminals to extract information for financial reasons.

“The world’s cyber threat landscape is evolving at pace. Increasingly, employees on the frontline are being breached, with cyber-criminals shifting their focus from technology to people in a bid to infiltrate companies by exploiting weaknesses,” Ward said.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years