- Why Stronger Chinese Yuan Would Benefit US Investors
- AIG CEO: I Remain 'Totally Committed' to Firm
- Kudlow: Is US Addicted to Easy Money?
- Commercial Real Estate Near Disaster: Fund Manager
- A Day on the USS Harry S. Truman
- Intimate Apparel Sales Heating Up: Maidenform CEO
- Retailers Brace for Black Friday With Crowd Control
- This Town Will Pay YOU $10,000 to Buy a House
- Billionaire Paulson Raises Cadbury Stake Again
- 3 'Clear Sailing' Mid-Caps For Investors: Strategist
- Intimate Apparel Sales Heating Up: Maidenform CEO
- A Day On The USS Harry S. Truman
- Expect Stocks to End the Year Lower: Market Pro
- Wal-Mart To Continue Retail Success: Analysts
- Financials Lead Dow to Strong November Start
- Markets Salute the Troops on Veteran's Day
- Bear Stearns Fund Manager - Before His Day in Court
- Opposing Views on Coca-Cola Price Target
- Wal-Mart to keep stores open to ease Black Friday
- FirstMerit buying 24 branches of First Bank
- UN: 200 million kids have stunted growth
- AMD sees better gross margin in 2010
- Toy maker settles sex harassment suit against CEO
- Obama administration seeks to fix airline industry
- Beyonce, Paul McCartney in Thanksgiving specials
- Most undernourished children live in South Asia
- ImmunoGen Chairman Mitchel Sayare steps down
Text Size 
PORTLAND, Maine - A security breach at an East Coast supermarket chain exposed more than 4 million card numbers and led to 1,800 cases of fraud, the Hannaford Bros. grocery chain announced Monday.
Hannaford said credit and debit card numbers were stolen during the card authorization process and about 4.2 million unique card numbers were exposed, placing the case among the largest data breaches ever.
The breach affected all of its 165 stores in the Northeast, 106 Sweetbay stores in Florida and a smaller number of independent groceries that sell Hannaford products.
The company is aware of about 1,800 cases of fraud reported so far relating to the breach. No personal data such as names, addresses or telephone numbers were divulged — just account numbers.
Hannaford became aware of the breach Feb. 27. Investigators later discovered that the data breach began on Dec. 7; it wasn't contained until March 10, said Carol Eleazer, Hannaford's vice president of marketing in Scarborough.
"We have taken aggressive steps to augment our network security capabilities," Hannaford president and CEO Ronald C. Hodge said in a statement released Monday. "Hannaford doesn't collect, know or keep any personally identifiable customer information from transactions."
The company urged its customers to monitor their credit and debit cards for unusual transactions and report any problems to authorities. It also told customers to beware of e-mails and calls from people claiming to represent Hannaford and seeking any personal information.
The U.S. Secret Service, whose duties include investigating electronic crimes such as data breaches, confirmed it's investigating but declined to comment on the scope of the crime.
"The company did contact us, and we are investigating," said agency spokesman Malcolm Wiley.
MasterCard, the second-biggest U.S. credit card association after Visa, issued a statement before Hannaford's disclosure: "Because this incident is the subject of an ongoing law enforcement investigation, we cannot disclose additional details regarding the incident or otherwise comment at this time."
Calls to Visa were not returned.
Beth Givens, director of the San Diego-based Privacy Rights Clearinghouse, said holders of debit cards involved in the Hannaford case are most at risk of fraud. Banks generally cover costs from fraudulent charges on credit cards, but a criminal could potentially drain a victim's bank account and leave them with the task of convincing a bank they deserve to be reimbursed.
"Any time a debit card number is exposed, the affected individuals need to be contacted immediately, and their accounts should be closed down," Givens said.
Mark Walker, an attorney for the Maine Bankers Association, said his organization sent an advisory to member banks Friday after learning of the breach. Only a few had reported suspicious activity involving the credit and debit cards they had issued customers, Walker said.
"I had expected there would be more than we've heard of," Walker said. "But it's still too early for us to tell."
Bruce Spitzer, a spokesman for the Massachusetts Bankers Association, criticized the delay in public notification of the source of the breach.
"Visa and MasterCard have stipulated in their contracts with retailers that they will not divulge who the source is when a data breach occurs," Spitzer said. "We've been engaged in a dialogue for a couple years now about changing this rule.... Without knowing who the retailer is that caused the breach, it's hard for banks to conduct a good investigation on behalf of their consumers. And it's a problem for consumers as well, because if they know which retailer is responsible, they can rule themselves out for being at risk if they don't shop at that retailer."
Paul Stephens, of the San Diego-based consumer advocacy organization Privacy Rights Clearinghouse, said the delay in disclosure "puts consumers in a difficult position because they have no way of knowing whether their accounts may have been impacted."
Eleazer defended Hannaford's actions.
"We moved with all deliberate speed to get out to customers with information that we could have confidence in," she said. "This is a complex undertaking."
The case ranks among the largest breaches on record involving retailers, but far fewer cards were exposed than in the largest hack. That one began in 2005 — and was disclosed last year — at TJX Cos., the Framingham, Mass.-based operator of more than 2,500 discount retail stores including T.J. Maxx and Marshalls.
TJX reported at least 45.7 million cards were exposed, while banks' court filings put the number at more than 100 million, but there has been no estimate of the total fraud.
Print
Email
- Bernard and Ruth Madoff's personal possessions will be auctioned this weekend. Click ahead to see.
- US real estate prices have fallen dramatically, but some places are still doing well. See the best-performing zip codes this year.
- An Italian cashmere maker aims to make profits while creating ideal conditions for his workers.
- Just in time for the holidays, the Triumph company of Japan offers the latest innovation in women’s undergarments.
- The real result of health care reform will be bloated government and higher deficits, says Larry Kudlow.
- Vote and suggest your own, and remember--there's a fine line between a hero and a zero.
Data is a real-time snapshot *Data is delayed at least 15 minutes