Sponsored By

Thieves Steal 4.2 Million Credit And Debit Card Numbers From Supermarket Servers

Hannaford Bros. CEO Ron Hodge said the data intrusion had been contained and that names and addresses were not accessed.

Thomas Claburn

March 18, 2008

2 Min Read

Thieves stole an estimated 4.2 million credit and debit card numbers from the Scarborough, Maine-based Hannaford Bros. and Sweetbay supermarket chains, Hannaford Bros. Co. said on Monday.

In a letter posted on the company Web site, Hannaford Bros. CEO Ron Hodge said that the data intrusion had been contained and that names and addresses were not accessed because the company does not store personally identifiable customer information with transaction data.

As a consequence, the company said it is unable to notify potentially affected customers. The company said it is working with credit and debit card issuers to determine the impact of the stolen data.

"We sincerely regret this intrusion into our systems, which we believe, are among the strongest in the industry," said Hodge. "The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization."

The use of the word "transmission" in Hodge's statement suggests that data may have been intercepted while being transmitted through a wireless system. The Wall Street Journal, citing an unnamed source, said on Tuesday that investigators are looking at Hannaford's wireless system as a possible point of access.

As many as 1,800 cases of fraud have been linked to the data theft, according to the Associated Press.

Hannaford Bros. did not respond to a request for comment. The company is owned by the Delhaize Group, based in Belgium.

The intrusion affected Hannaford Stores in New England and New York, Sweetbay stores in Florida, and some independently-owned retail stores in the Northeast that sell Hannaford products. Hannaford Brothers said that the intrusion was detected on February 27.

The Massachusetts Bankers Association, which represents about 200 financial institutions in New England, said on Monday that Visa and MasterCard had contacted between 60 and 70 banks in Massachusetts about a large data breach that had occurred at "a major retailer." Visa and MasterCard did not name Hannaford Bros. as a matter of policy.

The Hannaford incident is the largest publicly known data breach in the U.S. since September 2007, when hackers accesses 6.3 million Ameritrade customer name and address records. In January 2007, TJX Companies disclosed that data thieves had accessed its servers during the previous year. An estimated 94 million credit and debit card records were stolen.

In December 2007, the Massachusetts Bankers Association said that it had settled its lawsuit against TJX Companies under undisclosed terms.

Hannaford is advising customers to carefully review their credit and debit card statements over the past three months and to contact the issuing institution immediately in the event of any irregularity.

Hannaford has set up a customer assistance line at 866-591-4580.

About the Author(s)

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights