Belfast Telegraph

No fraud found after hacking attack

No frauds have hit any Irish customer of a marketing firm at the centre of one of Europe's biggest ever hacking attacks.

Despite cyber criminals accessing details of more than 500,000 credit card holders last month, it is believed that many of the cards have expired or are no longer in use.

The Clare-based marketing business Loyaltybuild, which has run rewards schemes for companies in Ireland, the UK, Scandinavia and Switzerland, was targeted in the attack in mid-October.

Information on about 1.5 million people is thought to have been compromised.

The Irish Payment Services Organisation (Ipso) said it believed that Irish customers could only be affected if they used the service between January 2011 and February 2012.

Some 26,000 of the 70,000 Irish cardholders affected have since had their debit cards replaced and thousands of other credit cards are thought to have expired, Ipso said.

No complaints have been made to gardai that money has been stolen.

Ireland's top police officer, G arda Commissioner Martin Callinan, said the likelihood that those behind the hacking were foreign criminals was putting an extra strain on fraud squad detectives.

"That adds to the degree of difficulty and the complexity of the investigation," he said.

Ipso said that all Irish card issuer banks have received a full list of card numbers for accounts affected by hacking and they are being monitored for fraud.

Initial results show no fraud trends that are attributable to this incident, it said.

Investigations are being spearheaded by the Garda Bureau of Fraud Investigation, backed up by the Garda Computer Crime Investigation Unit. The Data Protection Commissioner Billy Hawkes is also investigating.

Una Dillon, head of card services at Ipso, said the future of Loyaltybuild is in real danger if it is found to have retained security numbers from people's credit cards - the three digit CCV number on the back of a card.

"You are not permitted to hold on to that information under regular processing conditions," she said.

"If it's true that the information, the CCV numbers on the back of the cards, if it's true that they were accessed or compromised the company could be shut down. Penalties are based on the number of cards compromised."

Although he couldn't predict the outcome of the inquiry, Mr Callinan warned that companies have a responsibility to have powerful enough firewalls in place to prevent criminals from hacking into their systems and people's personal details.

"It's important that your personal details are kept as private as they possibly can be, and companies have a responsibility as well," he said.

"They are supposed to have sufficient firewalls in place, but technology and the advances in technology is such nowadays that people will attempt to hack in, and we believe that is probably what has happened on this occasion."

Mr Callinan said detectives were facing a "huge challenge" given the complexity of the case, but added other forces have the same problems.

"We are no different from any other jurisdiction in that respect, but we will be trying very hard - working with the data protection commissioner and whoever else who can be of assistance to us - to find out what has happened on this occasion," he added.

Loyaltybuild said more than 376,000 people on its systems have had their credit card details stolen and t he details of an additional 150,000 clients were potentially compromised in the attack.

The name, address, phone number and email address of 1.12 million clients were also taken.

More than 70,000 customers of the supermarket SuperValu, including more than 6,000 in Northern Ireland, and more than 8,000 at the insurance firm Axa were hit, along with 6,700 at E SB Electric Ireland, who participated in a scheme run during 2007 and 2008.

Stena Line customers in Northern Ireland may also be affected.

Mr Callinan, at a two-day Garda management conference in the Garda College, in Templemore, Co Tipperary, said it was a matter for individuals affected to decide if they wanted to destroy their own credit cards.

"The simple fact of the matter is there are millions of transactions occurring every single day of the week with credit cards successfully, without the integrity and personal details of people being affected," he said.

"So these are choices people will have to make."

Ipso also advised customers of Loyaltybuild that they will be reimbursed if any fraud is found on their accounts.

"Details like this can be hacked for any number of reasons - it could have been 14-year-olds in their rooms impressing their friends or it could be card holders' details being stolen to be sold," Ms Dillon said.

"But we don't consider it to be a major card fraud at the moment because we have seen no trends of fraud."


From Belfast Telegraph