The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission

Data Breach at Loyaltybuild

The Office of the Data Protection Commissioner (ODPC) has received a preliminary report on the findings of its inspection team following an inspection today at Loyaltybuild, the company at the centre of the recent data breach. The inspection team confirmed the extent of the breach in which the full card details of over 376,000 customers were taken of which over 70,000 were Supervalu Getaway customers and over 8,000 were AXA Leisure Break customers. The details of an additional 150,000 clients were potentially compromised. The inspection team also confirmed that name, address, phone number and email address of 1.12m clients were also taken. The initial indications are that these breaches were an external criminal act.

The ODPC will assess fully the findings of the inspection and will be making a number of recommendations to Loyaltybuild. A follow up inspection will also be carried out.

The ODPC reiterated the importance of the responsible parties notifying all of the clients affected in addition to the financial institutions which issued the affected cards.

The ODPC continues to warn customers to be vigilant in relation to their accounts and to report any suspicious transactions to their card company. Clients should also be vigilant in relation to suspicious communication of any kind which they receive.