Vendor Breach Exposes Card Data, PII

[InfoSec News <alerts () infosecnews org>]

http://www.bankinfosecurity.com/vendor-breach-exposes-card-data-pii-a-6221

By Tracy Kitten
Bank Info Security
November 14, 2013

The breach of an Ireland-based loyalty marketing company, which 
authorities confirm exposed payment card data on more than 376,000 
consumers plus other personally identifiable information about more than 1 
million, illustrates, yet again, the privacy vulnerabilities third parties 
pose, experts say.

Ireland's Office of the Data Protection Commissioner says card details on 
another 150,000 consumers "were potentially compromised." For now, 
however, it's offering few specifics. On Nov. 11, the commissioner 
confirmed only that card details for 70,000 customers of SuperValu, an 
Ireland-based grocer and food distributor, and 8,000 customers of AXA 
Insurance Ireland were exposed. Both used Loyaltybuild for holiday loyalty 
marketing programs.

Additionally, some Electric Ireland customers who participated in a 
loyalty program run by the Electricity Supply Board in 2007 and 2008 also 
have been impacted by the breach, the commissioner noted. Loyaltybuild 
notified the utility that names, addresses, phone numbers, e-mail accounts 
and booking references for those customers may have been exposed, 
according to the commissioner's office. But financial or card transaction 
data is not believed to have been affected.

The commissioner has not yet identified what other companies' customers 
had their card details exposed, including those elsewhere in Europe, but 
says the investigation into the breach is ongoing.

[...]



--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/