Thieves Steal 4.2 Million Credit And Debit Card Numbers From Supermarket Servers
Hannaford Bros. CEO Ron Hodge said the data intrusion had been contained and that names and addresses were not accessed.
Thieves stole an estimated 4.2 million credit and debit card numbers from the Scarborough, Maine-based Hannaford Bros. and Sweetbay supermarket chains, Hannaford Bros. Co. said on Monday.
In a letter posted on the company Web site, Hannaford Bros. CEO Ron Hodge said that the data intrusion had been contained and that names and addresses were not accessed because the company does not store personally identifiable customer information with transaction data.
As a consequence, the company said it is unable to notify potentially affected customers. The company said it is working with credit and debit card issuers to determine the impact of the stolen data.
"We sincerely regret this intrusion into our systems, which we believe, are among the strongest in the industry," said Hodge. "The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization."
The use of the word "transmission" in Hodge's statement suggests that data may have been intercepted while being transmitted through a wireless system. The Wall Street Journal, citing an unnamed source, said on Tuesday that investigators are looking at Hannaford's wireless system as a possible point of access.
As many as 1,800 cases of fraud have been linked to the data theft, according to the Associated Press.
Hannaford Bros. did not respond to a request for comment. The company is owned by the Delhaize Group, based in Belgium.
The intrusion affected Hannaford Stores in New England and New York, Sweetbay stores in Florida, and some independently-owned retail stores in the Northeast that sell Hannaford products. Hannaford Brothers said that the intrusion was detected on February 27.
The Massachusetts Bankers Association, which represents about 200 financial institutions in New England, said on Monday that Visa and MasterCard had contacted between 60 and 70 banks in Massachusetts about a large data breach that had occurred at "a major retailer." Visa and MasterCard did not name Hannaford Bros. as a matter of policy.
The Hannaford incident is the largest publicly known data breach in the U.S. since September 2007, when hackers accesses 6.3 million Ameritrade customer name and address records. In January 2007, TJX Companies disclosed that data thieves had accessed its servers during the previous year. An estimated 94 million credit and debit card records were stolen.
In December 2007, the Massachusetts Bankers Association said that it had settled its lawsuit against TJX Companies under undisclosed terms.
Hannaford is advising customers to carefully review their credit and debit card statements over the past three months and to contact the issuing institution immediately in the event of any irregularity.
Hannaford has set up a customer assistance line at 866-591-4580.
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.