Criminal investigation into loyalty scheme breach

Wednesday 13 November 2013 22.17
Loyaltybuild runs special offers and incentive schemes for major retailers, utilities and service providers in several countries
Loyaltybuild runs special offers and incentive schemes for major retailers, utilities and service providers in several countries

A criminal investigation is under way into the theft of financial and personal details of over 1.5m people from a Clare-based company.

ESB customers who participated in a loyalty scheme run in 2007 and 2008 are also among those affected.

Electric Ireland is to notify the 6,700 customers whose contact details may have been compromised.

It is understood that their financial information is not involved.

Garda Commissioner Martin Callinan said the overall inquiry is being led by the Garda Bureau of Fraud Investigation and backed up by the computer crime unit.

Commissioner Callinan said the international dimension increases the complexity of the investigation.

Data Protection Commissioner Billy Hawkes is also carrying out a separate inquiry.

Mr Hawkes has said the credit card details of up to 500,000 people across Europe may have been compromised by the data breach at Loyaltybuild.

An inspection team from the Office of the Data Protection Commissioner also confirmed that the names, addresses, phone numbers and email addresses of around 1.12 million clients were also taken.

Loyaltybuild runs special offers and incentive schemes for major retailers, utilities and service providers in Ireland, the UK, Scandinavia and Switzerland.

The ODPC said an inspection team has confirmed that the full card details of over 376,000 customers were taken.

Of this figure, over 70,000 were SuperValu customers and over 8,000 were AXA Leisure Break customers.

The details of another 150,000 clients were also potentially compromised.

The ODPC said the data breach appears to have taken place in mid-October.

The office is advising customers, who should by now have been  notified directly by SuperValu and AXA, to examine their credit and debit card transactions since mid-October to identify any such transactions that they did not authorise.

They should also follow the advice of their card provider on
any further precautions that might be necessary to protect themselves.

Meanwhile, in cases where card numbers were taken, the Irish Payment Services Organisation says no fraud has been detected so far.

IPSO said the card numbers affected were from January 2011 to February 2012 and that most would have expired or have been replaced since then.