Supervalu warns customers of data breach

Chain says financial data from Getaway Breaks loyalty scheme may have been ‘compromised’

SuperValu said the problem did not affect any of its other websites or any other customer transactions by payment card. Photograph: Frank Miller/The Irish Times
SuperValu said the problem did not affect any of its other websites or any other customer transactions by payment card. Photograph: Frank Miller/The Irish Times

Supervalu has been forced to contact thousands of customers who have bought its “getaway breaks” after a security breach at the company that oversees the scheme left sensitive financial data potentially compromised.

The "getaway breaks" vouchers are a key loyalty reward programme run by the US-owned company Loyaltybuild, which is based in Co Clare. It is reviewing the security of the personal and payment card information held on its booking system.

"This review is necessary as Loyaltybuild has advised its client base in Ireland that its system may have been compromised by a third party," said Supervalu in a statement.

“This issue is exclusive to ‘Getaway Breaks’. It does not impact Supervalu’s other websites or any other customer transactions by payment card,” a spokesman said.

READ MORE


'Precautionary measure'
He said that there was no information to suggest that any sensitive customer data had been obtained "as yet", and said that "as a precautionary measure" it was urging customers who had booked a getaway break recently to review their accounts and report any unusual activity or unsolicited communication connected with the deal to their bank.

Supervalu apologised to its customers for any unnecessary concern that details of the breach may have caused and said the “Getaway Breaks” booking system will remain temporarily suspended until the Loyaltybuild system has been given the all clear.


Encrypted
The company managing the rewards programme has informed the Data Protection Commissioner of the potential breach, which was uncovered on October 25th, and it stressed that all payment card information it holds is encrypted.

“We immediately engaged the services of a firm of leading, international, online security experts,” a spokeswoman said. “They are conducting a forensic investigation to help us identify whether any of our stored data was compromised, and, if so, to what extent.”

She said that as of 5pm yesterday, the forensics team reported there had been no signs of personal or financial details data being extracted or compromised but added that the examination is ongoing.

She said that the company was “working around the clock with our security experts to get to the bottom of this and to further enhance our security”.

Conor Pope

Conor Pope

Conor Pope is Consumer Affairs Correspondent, Pricewatch Editor