In the biggest hacking in the history of Ireland, travel firm Loyaltybuild recently announced that more than a million people may have had their personal information stolen from Loyaltybuild’s computers in a hacking that was first detected in late October. Earlier estimates had pegged the number of people affected at much less, but the company is now admitting that the hacking is far more extensive than originally thought. Present estimates are that 376,000 people had credit and debit card information stolen in the cyberattack. Two major European banks, AIB and Permanent TSB, have confirmed that some of their customers have already become victims of credit card identity theft. In addition to the credit and debit card information stolen, an additional 700,000 people had personal data such as names, addresses, phone numbers and email addresses taken by the hackers. Hackers often use this information in targeted phishing attacks known as spear phishing, in which people are lured into clicking on links tainted with malware or downloading malware attachments through emails or other communications. These communications appear legitimate partly because they contain personal information about the recipient, who is thereby lured into trusting the tainted communication.


At the heart of the Loyaltybuild problem is a problem common to many companies. The personal information stored by the company was not encrypted. If it had been encrypted, even if the computers of Loyaltybuild had been hacked into, the information would have been of no use to the hackers. Anyone who has done business with Loyaltybuild or companies associated with it, such as SuperValu, AXA Insurance, SuperValu Getaway Breaks or AXA Leisure Breaks, should be particularly vigilant and carefully monitor their credit cards and debit cards. They should also be particularly wary of all communications they receive with links or attachments, although, frankly, as I often warn you, no one should ever click on a link or download an attachment unless they are absolutely sure that it is legitimate, and the only way to do that is to check with the real company before ever downloading an attachment or clicking on a link.