RETAIL GROUP MUSGRAVE has advised customers to check their bank statements after the company confirmed that it was the subject of a cyber attack yesterday afternoon.
Musgrave has issued a statement to say that its network and SuperValu, Centra and Daybreak stores were affected by the attempted breach.
The supermarket and wholesale group said it detected that malicious software was trying to extract debit and credit card numbers and expiry dates from its system, but not cardholder names, PIN numbers or CCV numbers.
In response to a query from Fora, the Musgrave Group clarified that it doesn’t store customers’ PIN and CCV numbers. It referenced the data in its original statement to reassure customers that such sensitive information wasn’t exposed in the attack.
It said that there is no evidence that any personal data has been stolen at this point, but has advised customers to review activity on their bank statements as a precaution.
Musgrave said it is now engaged in an investigation with An Garda Síochána and has notified the Office of the Data Protection Commissioner.
It said its cyber breach response team has installed a technical fix and will actively monitor the situation.
“The protection of information is an absolute priority for Musgrave,” it said. “The company aims to ensure that security standards are maintained at the highest levels and apologises to its customers for this issue.”
The Office of the Data Protection Commissioner confirmed that is has been notified by Musgrave and is “liaising with the company in relation to the detail surrounding the attack”.
It’s not known how many stores were affected or if the attack was conducted by a domestic or international attacker.
“As this incident is now being investigated by An Garda Síochána, we would not speculate about the origin of the incident,” a Musgrave spokesman told Fora.
The company said it is working with a cyber breach response consultancy and has followed “all appropriate steps” such as installing technical fixes to its system and notifying relevant stakeholders.
Note: This article was updated to include further comment from the Musgrave Group and a statement from the Office of the Data Protection Commission.