he company discovered the data breach after a review of its systems and data. According to the company, the vast majority of the cards (5.8M) were protected by chip-and-PIN technology and it says the data accessed in respect of these cards contains “neither pin codes, card verification values (CVV) nor any authentication data enabling cardholder identification or a purchase to be made”.
However, around 105,000 of the accessed cards were non-EU issued, and lacked chip-and-PIN, and it says those cards have been compromised. In addition to payment cards, the cybercriminals also accessed 1.2 million records containing non-financial personal data — such as name, address or email address.
The company does not reveal when its systems were compromised, nor exactly when it discovered the intrusion and how long it took to launch an investigation.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now