Customers of eight more firms have personal data stolen

Credit card information of customers of Clery’s loyalty travel scheme stolen in cyber attack

Loyaltybuild said last night that it had ceased taking bookings on its website and over the phone, effectively shutting down its operation.


Customers of a further eight companies including Clerys, Centra, Postbank and Pigsback have had their personal information stolen in the data breach at Co Clare-based company Loyaltybuild.

Credit card information of customers of Clerys' loyalty travel scheme as well as personal details including names, addresses, phone numbers and email addresses are now know to have been stolen in the cyber attack. Non-financial information of customers of Centra, vouchers website PigsBack, Postbank Ireland and a small Ennis orthodontics company called TOG were also compromised.

Credit card details of Stena Line customers in Northern Ireland have also been compromised as have a small number of credit card details and the personal data of customers of Northern Unislim.

It had previously emerged that tens of thousands of SuperValu, Axa Insurance and ESB customers had their personal details stolen in one of the biggest security breaches in the history of the State.

READ MORE

A source close to the investigation told The Irish Times that the number of customers affected in the latest wave to be made public is comparatively small, with about 150 people having had their financial data compromised.

City break vouchers

Centra said in a statement that its involvement with Loyaltybuild dated back to 2006 and the breach affected just 68 people who collected vouchers for city breaks across Europe.

Pigsback pointed out that its connection with Loyaltybuild also dated back several years and a spokeswoman stressed that no financial data belonging to any of its customers had ever been in the possession of the company which manages multiple rewards schemes on behalf of retailers and service providers across Europe.

Loyaltybuild said last night that it had ceased taking bookings on its website and over the phone, effectively shutting down its operation.

'Give customers confidence'

“We have done this to enable our external data experts to complete their investigation into the attack and to put into place the necessary protections and certifications to give our customers the highest degree of confidence when booking with us in the future,” the company’s general manager Peter Steenstrup said.

He said evidence from the investigation into the breach – one of the biggest recorded in Europe for several years and one which has seen financial and personal details of about 1.5 million people seriously compromised – suggested that more than one batch of information on the company’s computers had been stolen.

“As these have been discovered, we have been informing the Office of Data Protection Commissioner in Ireland and the other necessary authorities as well as our clients for whom we operate the loyalty and incentive schemes,” Mr Steenstrup said.

A Data Protection Commission source said yesterday that it was still seeking answers to a number of key questions it had asked of the company.

One of the questions that has not been answered to its satisfaction is why Loyaltybuild held on to the three-digit security code attached to credits which is in breach of the data protection code.

Drip-feed of information

More concern has also been expressed about the manner in which information about the breach has come to light in recent days.

Fianna Fáil's spokesman for jobs, enterprise and innovation Dara Calleary called on the Financial Regulator to address the security breach and said the drip-feed of information needed to come to an end.

“We would ask that the Financial Regulator now get involved in this and bring an end to the information deficit here and give reassurances to people around this issue as well as the data protection agency.”

Conor Pope

Conor Pope

Conor Pope is Consumer Affairs Correspondent, Pricewatch Editor