About 376,000 European credit card users’ details have been endangered following a data breach which struck Loyaltybuild, an international loyalty marketing company based in Ireland, in September 2013.
The breach was described by an industry insider as one of the "largest data protection breach in western Europe in the last three years".
Information including the names, addresses, phone numbers, and email addresses of up to 1.5m people is said to have been compromised.
Data Protection Commissioner Billy Hawkes referred to ‘criminals’ accessing the data, but it is as yet unclear how the information was gathered.
The issue surfaced when supermarket chain Supervalu, whose Getaway Breaks scheme is powered by Loyaltybuild, announced that around 39,000 of its customers had been exposed to credit card fraud.
Commenting on the leak, Daragh O’Brien, a data protection consultant at Castlebridge Associates, said: "The impact on Loyaltybuild could be significant, as could the brand damage for any brand name associated with them.
"While Loyaltybuild have suffered the breach, they may only have been acting as a data processor on behalf of ‘name brands’ like Supervalu."
He also added that the incident is likely to attract the attention of other data protection authorities throughout Europe, who he claims will be on guard "to ensure Irish standards of investigation and enforcement are up to scratch to vindicate the rights of EU citizens".