Thousands of people in Northern Ireland have had their personal and banking details stolen by computer hackers.
Cyber crime experts investigating an attack on Loyaltybuild, which runs rewards schemes for companies across Europe, found more than 376,000 people have had their credit card details stolen.
The details of an additional 150,000 clients were potentially compromised in an attack on its data centre in Ireland.
The Republic's Office of the Data Protection Commissioner (ODPC) Billy Hawkes also revealed that the name, address, phone number and email address of 1.12 million clients were taken.
"The initial indications are that these breaches were an external criminal act," the watchdog said after being called in yesterday.
Loyaltybuild said it had been the victim of a sophisticated criminal attack.
It first raised concerns about a data security breach last month and the problem was thought to be limited to Irish customers.
More than 70,000 customers of the supermarket SuperValu, including 6,800 in Northern Ireland, and more than 8,000 at the insurance firm Axa were hit. Stena Line customers in Northern Ireland may also be affected.
SuperValu is now contacting customers to tell them there is a "high risk" that an unauthorised third party accessed details of payment cards used to pay for Getaway Breaks between January 2011 and February 2012.
The data, which is believed to have been stolen, was being held by Loyaltybuild. The company said a data breach was first identified on October 25, although details only emerged yesterday.
SuperValu said the Getaway Breaks booking system has been suspended until further notice.
Likewise, Axa has pledged to contact all affected customers and will advise them to get in touch with their banks to check transactions on their payment cards for any suspicious activity.
Fraud squad officers and data protection inspectors spent the day at Loyaltybuild's headquarters and data centre in Ennis, Co Clare, after the extent of the breach emerged.
It is believed Loyaltybuild's data centre in Ireland – where it processes information on all its clients – was hacked.
Loyaltybuild runs special offers and incentive schemes for major retailers, utilities and service providers in the UK, Ireland, Scandinavia and Switzerland. There are fears that the criminals behind the security breach now have all the information they need to use customers' credit cards. The Republic's Data Protection Commissioner has suggested Interpol may have to be called in.