Irish banks fear card fraud in wake of Loyaltybuild data breach

Irish banks fear card fraud in wake of Loyaltybuild data breach

Irish banks AIB and Permanent TSB say that they suspect that some of their customers have fallen victim to card fraud after a massive data breach at loyalty points outfit Loyaltybuild.

Loyaltybuild was hit by hackers last month, with crooks making off with the full card details of at least 376,000 customers, says the Office of the Data Protection Commissioner (ODPC).

Data Protection Commissioner Billy Hawkes says that the card data - including CVV numbers - were stored in unencrypted form.

An AIB spokeswoman told the Irish Times that the bank has been inundated with calls from worried customers and that a trawl of its systems has found signs of fraud on some cards, although these can not be directly linked to the Loyaltybuild hack.

Permanent TSB has also confirmed "some indications" of fraud on some cards but is not yet drawing a direct line with Loyaltybuild.

The Irish Payment Services Organisation has moved to calm fears, saying that most of the cards affected will now be expired or have been replaced, and so are of no use to thieves.

"IPSO advises that cardholders should not be concerned regarding their accounts as they will not be liable for any fraud that has occurred as a result of this incident," says a statement.

Comments: (2)

Peter Robinson
Peter Robinson - Liberti Consulting - Northampton 15 November, 2013, 10:35Be the first to give this comment the thumbs up 0 likes

"Data Protection Commissioner Billy Hawkes says that the card data - including CVV numbers - were stored in unencrypted form."

Even if IPSO advises that cardholders would not be liable for fraud, this is a huge breach of Card Scheme rules. CVV details should never be kept or stored.  I sense a heavy fine .....

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 19 November, 2013, 12:48Be the first to give this comment the thumbs up 0 likes

Not sure why a loyalty program needs any credit card data in the first place, let alone inclusive of CVV #s. Through the years, I've enrolled for PAYBACK, Nectar and some dozen more loyalty programs. I don't recall submitting - nor any one of them asking - any credit card data at any stage. Therefore, it'd be interesting to learn from where LoyaltyBuild got all this credit card data and, in the process of receiving it, if all EU Data Protection laws complied with.

Trending