back to article When Irish data's leaking: Supermarket shoppers urged to check bank statements

Shoppers at SuperValu, Centra and Mace have been told to review their bank statements following a cyber attack against Irish retailer Musgrave. Musgrave, which owns all three stores, urged customers to take the precaution amid fears that hackers may have extracted credit card and debit card numbers and expiry dates from its …

  1. Khaptain Silver badge

    Ouch

    "malicious software was discovered in a centralised IT system"..

    Well and truly Pwned.... One wonders how long that Malicious Software had been there because there customers might want to check back through their accounts for a lot more than just last week...

    Would also like to know why the Credit Card numbers are stored in complete form.... why have the 1st/last (n) numbers not been removed.... There is no need to "keep" the full number.

    1. Brewster's Angle Grinder Silver badge

      Re: Ouch

      Presumably credit card numbers have to pass through the company's system to get to the bank. And, as nothing but credit card numbers have been nicked, I'm wonder whether it was that "centralised IT system" that got pwned.

      TL;DR it doesn't have to be "data at rest" that was snaffled.

      1. Khaptain Silver badge

        Re: Ouch

        "TL;DR it doesn't have to be "data at rest" that was snaffled."

        Effectively a Man In The Middle approach could have been used.... A slight modification to their Web code could have indeed slurped the CC Numbers on their way to be the Bank/Clearing House. If this was the case I would have presumed that they would have slurped also the Name and the CIV..

  2. adam payne Silver badge

    'Musgrave, which owns all three stores, urged customers to take the precaution amid fears that hackers may have extracted credit card and debit card numbers and expiry dates from its systems.'

    Makes me wonder:

    Why you were storing that information?

    How that information was stored? oh don't tell me it was plain text.

    1. katrinab Silver badge

      If their system was pwned, then it could be capturing this information even if it wasn't supposed to be stored.

      1. Doctor Syntax Silver badge

        "If their system was pwned, then it could be capturing this information even if it wasn't supposed to be stored."

        In which case one would expect CVV and/or PINs to be captured as well.

  3. David Roberts Silver badge
    Unhappy

    How long ago?

    Having been to Ireland (N&S) in the last few months I would like to know how far back this breach goes.

    Of course, if they are keeping historical records of card details the answer may be "almost forever".

  4. Version 1.0 Silver badge

    Luddites 1, Hackers 0

    You think it might be time to return to good old fashioned cash?

    1. allthecoolshortnamesweretaken Silver badge

      Re: Luddites 1, Hackers 0

      What do you mean, "return"?

  5. Stevie Silver badge

    Bah!

    Bejaybers!

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019