A breach of Irish based loyalty provider LoyaltyBuild is now being described by media as the “biggest ever Irish hacking heist” and is said to impact at least 1.1 million consumers in Ireland and across Europe.
LoyaltyBuild is a loyalty marketing provider with specialization in travel services. The firm is an Affinion International company and part of US based Affinion Group. In a statement on the company’s website, Peter Steenstrup, General Manager, offered a clear expression of concern to those impacted and pledged to take the needed steps to rectify the situation as best possible. You can read his statement here.
Attacks on consumer purchase data as well as the underlying payment data associated with loyalty members will not just continue, but will increase over time. The threat to loyalty member data is the same as shared by all consumer facing companies collecting extensive customer data.
While payment data (debit and credit card as well as banking account information) was the first horizon of hackers, it’s clear that transaction histories and broader consumer demographic, attitudinal, and other qualitative data are presently in the sights of the bad guys.
The conversation today about Big Data is often focused on marketing potential. Security and privacy should be added to the list in order for brand organizations to protect against invasive hacker attacks. As we’ve written before, companies investing in loyalty programs should seize the opportunity to take a leadership role in protecting the customer data they collect and so highly value. By doing so, the brand will build trust and confidence with customers.
Maybe adding coordination with risk management and technology teams is a point of action to be added to loyalty program checklists. Understanding how the data collected in a loyalty program is protected by an organizational information security policy (WISP) should become a standard aspect of loyalty program planning.