Loyaltybuild - Customer Information Compromised

DerKaiser

Just noticed one other thread about this - that was specifically in relation to the response from the bank / credit card company.

http://www.irishtimes.com/news/consumer/over-1-5-million-affected-by-ennis-data-breach-1.1592128

This story concerns me. I think people have taken credit card security for granted for a number of years now, freely purchasing online without fear of exposure to fraud.

There are some basic standards that ensure this has largely been the case. Many companies adhere to very stringent standards around the safe storage of customer details, whilst others will simply avoid recording customer details at all for fear of being compromised.

It appears that the company in question here did neither, carelessly recording customer data with no genuine attempt to protect it. They have questions to answer.

A system of regulation that does not routinely test adherence to standards of companies with very large customer databases needs to be questioned also.

There are many customer protections currently in place at great cost. I fear that adequate resources have not been focused on the protection of customer data.
 
Hi DK

When I am buying online, how would I know if they store my data safely?


Brendan

I'm not sure - if there was (and maybe there is) some certification to state that they complied with the PCI (Payment Card Industry) standards that would be a start.

It certainly would be a good issue for consumer advocates / agencies to pursue e.g. customers advised to only purchase from PCI compliant companies, the industry or the regulator to audit / enforce compliance.
 
It's now pretty much industry standard to encrypt sensitive information like this. I think Loyaltybuild are in for a rather nasty time from the DPC, both in terms of why they had this information on their database in the first place, and why it wasn't encrypted.
 
I see that today additional companies have been added to the list of companies affected by this breach. I am a customer of one of these but I have never been told by that company that my credit card details have been compromised. Is it possible that they have only found out as well?
Another thought. Why did the Data Protection Commissioner not proactively check on this company by way of an annual audit to see that they were storing information correctly? They seem like a big company with a lot of sensitive customer information.
 
Credit Card Statements - Fee

Will the Data Protection Commissioner ask the company to pay
  • for cancelling / reissue of credit cards affected?
  • checking old statements of account?
 
He can ask but most likely they will tell him no.

All he can do is prosecute them for the breach.
 