Credit card details of some 500,000 European users might be at risk as a marketing firm running award schemes for companies across Europe admitted being a victim of a major hacking attack.
The attack on the headquarters of Loyaltybuild, a company operating schemes on behalf of major retailers, utilities and providers in the UK, Ireland, Scandinavia and Switzerland, is now being investigated by Fraud squad and cyber-crime experts in Ireland.
Loyaltybuild said the security breach at its data centre in Ennin, first reported on 25 October, was much worse than previously estimated, increasing the number of potentially affected customers from the initial 70,000 in the Irish Republic and Northern Ireland to up to 500,000 credit card users across Europe.
"We are working around the clock with our security experts to get to the bottom of this and to further enhance our security in order to protect our valued customers, who are of paramount importance to us," Loyaltybuild said in a statement.
The company has admitted criminals might have all the information they need to use customers' credit cards.
Ireland's Data Protection Commissioner Billy Hawkes dispatched a team of investigators to the company's offices and data centre to assess the extent of the security breach. Due to the international nature of the crime, the investigators have suggested Interpol may have to be called in.
Data protection chiefs in all European countries where Loyaltybuild has contracts have been alerted, as well as relevant banks and credit card companies.
"Our inspectors will be looking closely at the quality of the security in place at Loyaltybuild to try to find out why this happened," Mr Hawkes said.
"But to be fair, there are extremely sophisticated cyber criminals out there who have succeeded in hacking into much larger companies around the world."
Loyaltybuild operates leisure break schemes for the SuperValu supermarket chain, ESB energy firm and insurance company Axa in Ireland. It runs schemes in Co-operative Food in the UK and the Coop in Norway and Sweden.
The watchdog urged customers who have used Loyaltybuild schemes to be vigilant in relation to their bank and credit card accounts and to contact their bank if they notice any unusual activity.
"The office of the data protection commissioner is extremely concerned about new information that has come to light regarding the Loyaltybuild data security breach, released in statements from SuperValu and Axa Insurance," it said in a statement.
"We are particularly concerned because this new information now brings to light that payment card details of individual users have been compromised in a way which we hitherto had been informed was not the case."
SuperValu is now contacting customers to tell them there is a "high risk" that an unauthorised third party accessed details of payment cards used to pay for Getaway Breaks between January 2011 and February 2012.
The data, which is believed to have been stolen, was being held by Loyaltybuild.
SuperValu said the Getaway Breaks booking system has been suspended until further notice.
Likewise, Axa has pledged to contact all affected customers and will advise them to get in touch with their banks to check transactions on their payment cards for any suspicious activity.
According to experts, cyber-crime is worth about £5bn a year. "It's big business. The entry cost is low, it has its roots in traditional organised crime. It's a clean sort of crime. You have people sitting in front of a screen with real expertise in the technology," he added.