Musgrave cyber attack targeted customer card information

It is unclear how long the malware remained on the company's system

The Musgrave Group is advising customers to check their bank statements after a cyber attack on its SuperValu, Centra and Daybreak stores.

The company said the malicious software tried to extract debit and credit card details from its customers - but claims there is no evidence any data has been stolen.

It claimed the attack attempted to extract debit and credit card numbers and expiry dates - but not the cardholder name, PIN number or CCV number.

Gardaí and the Office of the Data Protection Commissioner are investigating.

Unclear timeline

Newstalk tech correspondent Jess Kelly says it is still not clear when the attack happened:

“The details are still continuing to emerge,” she said. “Musgrave only flagged this yesterday.”

“It only became public knowledge yesterday, so we think it was in the last number of days.

“But the scary thing with malware is that you never really know how long it has been lingering on a system until something catches somebody’s eye so we don’t definitively know as of yet.

“That is why if you have shopped in any of these stores, I would say over the last month or so, just check your statement to be safe.”

She said investigators will find it difficult to find out who was behind the attack:

"It is hard to pinpoint as well who would have been behind it," she said.

"You have hackers sitting in their bedrooms in parts of this country; you have hackers working from abroad.

"The key points form this - and this is what we need to hammer home - is that we are going to see more and more of these attacks

"businesses are quite vulnerable; if you don't have some form of cyber protection put in place, now is the time to do it.

"When it impacts your business, it is too late."


The company said breach response experts have installed advanced technical fixes and continue to actively manage and monitor the situation.

However, customers are being advised to review the activity on their bank statements.

The company has insisted data protection is an “absolute priority” and has apologised to customers for the breach.