70,000 customers at risk from 'sophisticated criminal attack'

Supervalu customers who took advantage of a holiday offer are at risk

Up to 70,000 people in Ireland who took advantage of a customer loyalty offer could have been victims of a "sophisticated criminal attack".

The company, Loyaltybuild, said it had suffered a security data breach.
Supermarket chain Supervalu has asked 62,500 people involved in its Getaway Breaks scheme to contact their banks - 6,800 of those are in Northern Ireland.
AXA Ireland has said up to 8,000 of its customers may have been affected.
Loyaltybuild has advised the Data Protection Commissioner of Ireland and the police.
In a statement on its website, it added: "As part of our ongoing investigation, into a system breach identified last month, Loyaltybuild has discovered that it has been the victim of a sophisticated criminal attack.
"We are working around the clock with our security experts to get to the bottom of this and to further enhance our security in order to protect our valued customers, who are of paramount importance to us."

Continue reading the main story

“Start Quote

We are working around the clock with our security experts to get to the bottom of this”

End Quote Loyaltybuild statement

Customers are advised to check their payment cards for suspicious activity.

The breach was discovered on 25 October and a third party firm has been running forensic tests.
Supervalu said the incident was more extensive than initially thought. Customers who made Getaway Break bookings between January 2011 and February 2012 have been advised to contact their financial institutions.
Customers are also being warned to treat any unsolicited communication claiming to represent Supervalu Getaway Breaks or Loyaltybuild with "extreme caution".
Supervalu said it was continuing to work with Loyaltybuild to resolve the issue as quickly as possible but had also engaged its own IT security consultants to investigate the Loyaltybuild system.
It also emphasised that the breach of security was in data collected and held by Loyaltybuild on Getaway Breaks customers only and did not involve other customers of Supervalu.
AXA Ireland confirmed its customers' data may also have been compromised by the Loyaltybuild breach. Up to 8,000 customers may have been affected.
In a statement, the company said: "Loyaltybuild's forensic team has now advised that there is a high risk that an unauthorised third party accessed details of payment cards used to pay for AXA Leisure Breaks between January 2011 and February 2012.
"This investigation is still ongoing in relation to whether other personal data of customers has been compromised," it added.
AXA said all other customer transactions by payment card were unaffected.

Banken worstelen met kosten compliance en toezicht

di, 12/11/2013

 

De krimpende financiële sector heeft steeds meer moeite om de honderden miljoenen te verdienen die nodig zijn om te voldoen aan regelgeving uit Brussel en Washington. Ook het toezicht, waaraan de banken meebetalen, wordt ieder jaar duurder.
Een en ander blijkt uit een rondgang langs banken, vermogensbeheerders en handelshuizen door Het Financieele Dagblad. De toezichtskosten van De Nederlandsche Bank (DNB) zijn dit jaar begroot op 149 miljoen euro. Dat was in 2008 nog 98 miljoen euro. AFM zag de kosten stijgen van 68,5 miljoen euro naar 85,3 miljoen euro. Vanaf volgend jaar draagt de overheid niet meer bij aan deze instellingen en moet de sector volledig de kosten dragen.
Wetgevingspakketten als het Brusselse Emir, Mifid-II en het Amerikaanse Dodd-Frank zorgen er bovendien voor dat banken hele teams van consultants en juristen aan het werk hebben om te voldoen aan de regels. Ondertussen is sinds de crisis ongeveer een kwart van de werknemers bij banken en verzekeraars zijn baan kwijtgeraakt.

Baltimore County workers' personal information stolen

Marcos Colon, Digital Content Coordinator

November 01, 2013 Baltimore County workers' personal information stolen

The personal information of current and past Baltimore County employees was stolen by a former employee of a county information technology contractor.
How many victims? More than 12,000 current and former Baltimore County employees.
What type of personal information? Social Security numbers, home addresses, salaries, leave balances, and county identification numbers.
What happened? The personal information of current and past Baltimore County employees was found on the computer of a man who was a former employee of an information technology contractor hired by the county. County officials believe the information was accessed when the suspect brought a new computer to a county employee who had downloaded the information as part of a work assignment.
What was the response? County officials sent letters to those affected by the breach, informing them that no personal financial information of any current or former employee was found on the computer.
Details: Authorities discovered the data while investigating an unrelated identity theft case in which the alleged perpetrator was involved. In spring of 2013, he was indicted by the Baltimore County state attorney's office after a neighbor filed a complaint that he had made purchases using fake checks and IDs. After authorities executed a search warrant on his home, personal items, including his computer, were seized. He fled the state and wasn't arrested.
On October 15, he was taken into custody in another state and he will now be extradited to Maryland to face identity theft charges that are unrelated to the Baltimore County employees incident.
Quote: “At this time, there is no evidence that any employee's information was misused in any way,” Fred Homan, county administrative officer, wrote in a letter to those affected by the breach.
Source: baltimoresun.com, The Baltimore Sun, “Former employee of contractor obtained Balt. Co. workers' personal data,” Oct. 31, 2013.

http://www.scmagazine.com/baltimore-county-workers-personal-information-stolen/article/319162/