Credit and debit card details belonging to customers of Super Valu, Axa and Stena Line may have been compromised following a cyber attack at a Co Clare firm.
LoyaltyBuild, based in Ennis, operates loyalty schemes on behalf of the three companies and said that customers who booked breaks in the last 90 days may be affected.
However, it stressed that CVV (Card Verification Value) numbers – generally needed to complete online transactions – were not stored.
Some 39,000 Super Valu customers from the Republic and Northern Ireland booked breaks, another 50 with Stena Line and 4,368 with insurance giant Axa, it said.
Another 102,000 customers in Norway and Sweden may also be affected.
Suspicion about a possible breach emerged on Friday, October 25, and a team of "expert forensic investigators" was appointed to determine what had happened.
On Wednesday, October 30, it emerged that a breach may have occured and it contacted the Data Protection Commissioner (DPC) two days later.
"Loyaltybuild's notification was precautionary as Loyaltybuild had no, and indeed still has no, evidence to show that personal data has been compromised," it said.
A spokesman for the Data Protection Commission said its systems were encrypted, and it was not clear how much information had been taken.
"It is still to be determined what information the attacker was able to gain access to," they said.
"The systems were encrypted, including credit card and contact numbers. They (LoyaltyBuild) took the step of notifying individuals just in case.
MONITOR
"The main thing is people should monitor credit card use on their accounts or take measures to alter their details like PIN numbers, or seek advice from their credit card provider. The company may have taken measures to seek advice from credit card advisers to flag certain accounts.
"It's a priority for them to get to the bottom of finding out the extent to which any information has been compromised. It may take a few days and we'll be in contact with them."