An invisible crime
Cybercrime can often be an invisible crime where the victim is robbed by stealth, first of credit card details and later of cash, but for a time remains unaware of the theft. The major breach of security at Loyaltybuild, the Clare-based firm that manages customer loyalty schemes for client companies in Ireland and abroad, could follow that pattern.
Over two years have elapsed between the commission and detection of the crime – where cyber criminals accessed the credit card and personal details of an estimated 1.5 million people in Europe, including some 70,000 in Ireland. But whether any money has been stolen has yet to be established. Nevertheless, the crime is one of the most serious data breaches in the State’s history.
Loyaltybuild has described the hacking of its site as “a sophisticated criminal act”. It is also one the company has been slow to address, and has struggled to explain. Initially, Loyaltybuild and its Irish clients, SuperValu and Axa, had reassured customers that their personal data had not been compromised. But this, they have since acknowledged, is no longer the case. Loyaltybuild, it would seem, has failed in its duty to protect the private data of its customers, as the company stored some of that sensitive financial information in unencrypted form.
The crime is under investigation both by the Garda and Data Protection Commissioner Billy Hawkes. The latter believes those involved in the security breach have all the details they need to use customers’ credit cards.
Public confidence in online security has been greatly damaged by recent revelations. Both the extent and scope of the activities of America’s National Security Agency, in snooping on friend and foe alike, has surprised and shocked the public. Increasingly, in this digital age, we are living in a world of extensive surveillance, both online and offline: a fact that too few citizens fully appreciate and have taken steps both to inform themselves about, or protect themselves better against the increasing risk of internet fraud.