Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 28th, 2008

4.2 Million Records Stolen In Supermarket Data Breach

Unauthorized software that was secretly installed on servers in Hannaford Bros. Co.’s supermarkets across the Northeast and in Florida enabled the massive data breach that compromised up to 4.2 million credit and debit cards, the company said Friday. The finding was revealed in a letter from Hannaford general counsel Emily Dickinson to Massachusetts Attorney General Martha Coakley and Gov. Deval Patrick’s Office of Consumer Affairs and Business Regulation.

The Scarborough, Maine-based grocer confirmed a report in The Boston Globe that it told Massachusetts regulators this week about the link between the breach and the illicit programs, known as “malware”. The company doesn’t know how malicious software got onto nearly all its 271 stores’ servers, Hannaford spokeswoman Carol Eleazer said.

At least 1,800 cases of fraud have been linked to the data breach, with unauthorized charges showing up as far afield as Mexico, Italy and Bulgaria. The breach has prompted concern in the industry because it appeared to be the first large-scale theft of credit and debit card numbers while the information was in transit. The usual mode of attack targets data sitting in databases, as in the record-setting theft of information from Massachusetts-based TJX Cos. involving at least 45 million cards.

The company has said that the breach, which occurred between Dec. 7 and March 10, allowed credit and debit card numbers to be stolen as shoppers swiped their cards at checkout line machines and the information was transmitted to banks for approval.

The malware turned up in all Hannaford stores in New England and New York, and in most of the company’s affiliated Sweetbay stores in Florida, Eleazer said.

The involvement of the software had not been previously disclosed “because of the confidential nature of the investigation,” Eleazer said. The breach remains under investigation by the U.S. Secret Service.

Even while the Hannaford hack was still going on last month, the company was found to be in compliance with security standards required by the Payment Card Industry, a coalition founded by credit card companies.
