Some 62,500 Supervalu customers at risk over breach

Some 8,000 Axa customers also affected after ‘attack’ on firm managing holiday breaks

The supermarket said the 62,500 customers who made bookings during the period have been advised to contact their bank or financial institution as soon as possible.

The supermarket said the 62,500 customers who made bookings during the period have been advised to contact their bank or financial institution as soon as possible.

Tue, Nov 12, 2013, 08:33

Some 62,500 customers of Supervalu are now thought to have been affected by a security breach, significantly more than the 39,000 originally thought, and there is a “high risk” their payment details have been accessed by an unauthorised third party, the supermarket chain said last night. In a statement, it said those affected paid for Supervalu Getaway Breaks between January 2011 and February 2012.

The supermarket said the 62,500 customers who made bookings during the period have been advised to contact their bank or financial institution as soon as possible. They should “immediately check the transactions on their payment cards for any suspicious activity”, the statement said.

Customers are also being warned to treat any unsolicited communication claiming to represent Supervalu Getaway Breaks or Loyaltybuild with “extreme caution”.

Loyaltybuild, the firm which manages the Getaway Breaks programme, advised the Data Protection Commissioner and Supervalu that the security breach of its system, originally reported on November 4th, was “more extensive than it first anticipated”.

Supervalu said it was continuing to work with Loyaltybuild to resolve the issue as quickly as possible but had also engaged its own IT security consultants to investigate the Loyaltybuild system.

It also emphasised that the breach of security was in data collected and held by Loyaltybuild on Getaway Breaks customers only and did not involve other customers of Supervalu.

A customer helpline can be contacted at 0818 220 088.

Last week, Supervalu said there was no information to suggest that any sensitive customer data had been obtained “as yet”. It said that “as a precautionary measure” it was urging customers who had booked a Getaway Break to report any unusual activity or unsolicited communication to their bank.

Loyaltybuild also manages AXA’s leisure break rewards programme and it confirmed that it was also a victim of the “sophisticated criminal attack” with as many as 8,000 of its customers affected.

It said that an unauthorised third party had accessed details of cards used to pay for AXA Leisure Breaks between January 2011 and February 2012.