There has been a security breach involving all Hannaford stores in the Northeast. Hannaford says credit and debit card numbers were stolen during the card authorization process. It's believed over 4 million account numbers have been exposed. So far they are aware of about 1,800 cases of fraud. The breach began on December 7th, and was contained last week. Shoppers are being told to keep a close eye on credit and debit accounts for any unusual transactions.
Logged
MobileTerminal
March 17, 2008, 8:37pm
Guest User
Oh Great I don't shop at PC - and ALWAYS use my debit card at Hannaford.
Time to dig out my fine toothed comb and go over my statements.
Hannaford has contained a data intrusion into its computer network that resulted in the theft of customer credit and debit card numbers. No personal information, such as names or addresses, was accessed. Hannaford doesn’t collect, know or keep any personally identifiable customer information from transactions.
We sincerely regret this intrusion into our systems, which we believe, are among the strongest in the industry. The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization.
The intrusion affected Hannaford stores, Sweetbay stores in Florida and certain independently-owned retail locations in the Northeast that carry Hannaford products.
For more than 125 years, Hannaford has been dedicated to earning customer trust, and we want to provide you with these recommended steps:
- Carefully review your financial institution and credit card statements, and immediately contact your credit card company or issuing bank with any questions or concerns about individual charges. - For more information or with questions, please call our Customer Information Center at 866-591-4580.
Hannaford is cooperating with credit and debit card issuers to ensure those customers who may be affected by the theft are protected. We also alerted law enforcement authorities, and are working closely with them to help identify those responsible.
We realize this incident may raise concerns and questions for our customers, and we sincerely regret any inconvenience this attack on our system may cause you. As always, we appreciate you choosing to shop at Hannaford. We remain committed to providing you with the finest foods and a clean, friendly and secure shopping experience.
Breach Exposes 4.2M Credit, Debit Cards Monday March 17, 7:10 pm ET By David Sharp, Associated Press Writer East Coast Data Breach Exposes 4.2 Million Accounts, Causes 1,800 Known Cases of Fraud
PORTLAND, Maine (AP) -- A security breach at an East Coast supermarket chain exposed more than 4 million card numbers and led to 1,800 cases of fraud, the Hannaford Bros. grocery chain announced Monday.
ADVERTISEMENT Hannaford said credit and debit card numbers were stolen during the card authorization process and about 4.2 million unique card numbers were exposed, placing the case among the largest data breaches ever.
The breach affected all of its 165 stores in the Northeast, 106 Sweetbay stores in Florida and a smaller number of independent groceries that sell Hannaford products.
The company is aware of about 1,800 cases of fraud reported so far relating to the breach. No personal data such as names, addresses or telephone numbers were divulged -- just account numbers.
Hannaford became aware of the breach Feb. 27. Investigators later discovered that the data breach began on Dec. 7; it wasn't contained until March 10, said Carol Eleazer, Hannaford's vice president of marketing in Scarborough.
"We have taken aggressive steps to augment our network security capabilities," Hannaford president and CEO Ronald C. Hodge said in a statement released Monday. "Hannaford doesn't collect, know or keep any personally identifiable customer information from transactions."
The company urged its customers to monitor their credit and debit cards for unusual transactions and report any problems to authorities. It also told customers to beware of e-mails and calls from people claiming to represent Hannaford and seeking any personal information.
The U.S. Secret Service, whose duties include investigating electronic crimes such as data breaches, confirmed it's investigating but declined to comment on the scope of the crime.
"The company did contact us, and we are investigating," said agency spokesman Malcolm Wiley.
MasterCard, the second-biggest U.S. credit card association after Visa, issued a statement before Hannaford's disclosure: "Because this incident is the subject of an ongoing law enforcement investigation, we cannot disclose additional details regarding the incident or otherwise comment at this time."
Calls to Visa were not returned.
Beth Givens, director of the San Diego-based Privacy Rights Clearinghouse, said holders of debit cards involved in the Hannaford case are most at risk of fraud. Banks generally cover costs from fraudulent charges on credit cards, but a criminal could potentially drain a victim's bank account and leave them with the task of convincing a bank they deserve to be reimbursed.
"Any time a debit card number is exposed, the affected individuals need to be contacted immediately, and their accounts should be closed down," Givens said.
Mark Walker, an attorney for the Maine Bankers Association, said his organization sent an advisory to member banks Friday after learning of the breach. Only a few had reported suspicious activity involving the credit and debit cards they had issued customers, Walker said.
"I had expected there would be more than we've heard of," Walker said. "But it's still too early for us to tell."
Bruce Spitzer, a spokesman for the Massachusetts Bankers Association, criticized the delay in public notification of the source of the breach.
"Visa and MasterCard have stipulated in their contracts with retailers that they will not divulge who the source is when a data breach occurs," Spitzer said. "We've been engaged in a dialogue for a couple years now about changing this rule.... Without knowing who the retailer is that caused the breach, it's hard for banks to conduct a good investigation on behalf of their consumers. And it's a problem for consumers as well, because if they know which retailer is responsible, they can rule themselves out for being at risk if they don't shop at that retailer."
Paul Stephens, of the San Diego-based consumer advocacy organization Privacy Rights Clearinghouse, said the delay in disclosure "puts consumers in a difficult position because they have no way of knowing whether their accounts may have been impacted."
Eleazer defended Hannaford's actions.
"We moved with all deliberate speed to get out to customers with information that we could have confidence in," she said. "This is a complex undertaking."
The case ranks among the largest breaches on record involving retailers, but far fewer cards were exposed than in the largest hack. That one began in 2005 -- and was disclosed last year -- at TJX Cos., the Framingham, Mass.-based operator of more than 2,500 discount retail stores including T.J. Maxx and Marshalls.
TJX reported at least 45.7 million cards were exposed, while banks' court filings put the number at more than 100 million, but there has been no estimate of the total fraud.
Associated Press Business Writer Mark Jewell in Boston contributed to this report.
4.2 million credit card numbers exposed Hannaford supermarkets suffer data security breach BY DAVID SHARP The Associated Press
PORTLAND, Maine — A security breach at an East Coast supermarket chain exposed more than 4 million card numbers and led to 1,800 cases of fraud, the Hannaford Bros. grocery chain announced Monday. Hannaford said credit and debit card numbers were stolen during the card authorization process and about 4.2 million unique card numbers were exposed, placing the case among the largest data breaches ever. The breach affected all of its 165 stores in the Northeast, 106 Sweetbay stores in Florida and a smaller number of independent groceries that sell Hannaford products. The company is aware of about 1,800 cases of fraud reported so far relating to the breach. No personal data such as names, addresses or telephone numbers were divulged — just account numbers. Hannaford became aware of the breach Feb. 27. Investigators later discovered that the data breach began on Dec. 7; it wasn’t contained until March 10, said Carol Eleazer, Hannaford’s vice president of marketing in Scarborough. “We have taken aggressive steps to augment our network security capabilities,” Hannaford president and CEO Ronald C. Hodge said in a statement released Monday. “Hannaford doesn’t collect, know or keep any personally identifiable customer information from transactions.” The company urged its customers to monitor their credit and debit cards for unusual transactions and report any problems to authorities. It also told customers to beware of e-mails and calls from people claiming to represent Hannaford and seeking any personal information. “The latest security breach associated with the Hannaford Brothers supermarket chain highlights the fact that no one is immune from a data breach and the privacy challenges confronting entities that maintain electronic databases,” said Mindy A. Bockstein, Chairperson and Executive Director of the NYS Consumer Protection Board. “The Consumer Protection Board advises consumers to remain vigilant and monitor their credit and billing records on a regular basis in order to detect any unauthorized activity, and respond quickly if needed. “In the interest of consumer trust, customers should receive better notice when this type of breach is suspected or occurs. Important identity theft and security breach information is available on the CPB’s Web site at http://www. nysconsumer.gov, and the CPB stands ready to assist New York consumers with any issues that may arise as a result of this, or any other security breach.” The U.S. Secret Service, whose duties include investigating electronic crimes such as data breaches, confirmed it’s investigating but declined to comment on the scope of the crime. “The company did contact us, and we are investigating,” said agency spokesman Malcolm Wiley. MasterCard, the second-biggest U.S. credit card association after Visa, issued a statement before Hannaford’s disclosure: “Because this incident is the subject of an ongoing law enforcement investigation, we cannot disclose additional details regarding the incident or otherwise comment at this time.” Calls to Visa were not returned. Beth Givens, director of the San Diego-based Privacy Rights Clearinghouse, said holders of debit cards involved in the Hannaford case are most at risk of fraud. Banks generally cover costs from fraudulent charges on credit cards, but a criminal could potentially drain a victim’s bank account and leave them with the task of convincing a bank they deserve to be reimbursed. “Any time a debit card number is exposed, the affected individuals need to be contacted immediately, and their accounts should be closed down,” Givens said. Mark Walker, an attorney for the Maine Bankers Association, said his organization sent an advisory to member banks Friday after learning of the breach. Only a few had reported suspicious activity involving the credit and debit cards they had issued customers, Walker said. “I had expected there would be more than we’ve heard of,” Walker said. “But it’s still too early for us to tell.” Bruce Spitzer, a spokesman for the Massachusetts Bankers Association, criticized the delay in public notifi cation of the source of the breach. “Visa and MasterCard have stipulated in their contracts with retailers that they will not divulge who the source is when a data breach occurs,” Spitzer said. “We’ve been engaged in a dialogue for a couple years now about changing this rule. … Without knowing who the retailer is that caused the breach, it’s hard for banks to conduct a good investigation on behalf of their consumers. And it’s a problem for consumers as well, because if they know which retailer is responsible, they can rule themselves out for being at risk if they don’t shop at that retailer.”
I don't shop Hannaford. I do shop Price Chopper occasionally. I usually do 99% of my shopping at BJ's. (my favorite) I am sure that all of these stores are vulnerable to all of these security issues.
I don't shop Hannaford. I do shop Price Chopper occasionally. I usually do 99% of my shopping at BJ's. (my favorite) I am sure that all of these stores are vulnerable to all of these security issues.
I've been doing more and more shopping at BJ's, but I do most of my grocery shopping over at Price Rite.
Isn't it great having a grocery store on the western end of town? Oh, wait, we haven't had one since P&C closed.
I avoid price rite and share my 'wealth' with gabriels, price chopper and hannaford.....BJ's is a waste of money for me.....too big packages with alot of waste....
...you are a product of your environment, your environment is a product of your priorities, your priorities are a product of you......
The replacement of morality and conscience with law produces a deadly paradox.
STOP BEING GOOD DEMOCRATS---STOP BEING GOOD REPUBLICANS--START BEING GOOD AMERICANS
More stores affected by Hannaford breach March 20, 2008 at 10:55 am by Alan Wechsler, Business writer
Independent stores in Ravena and Schaghticoke affiliated with Hannaford were also affected by the recent hacking of customer credit card numbers, the Scarborough, Maine-based supermarket chain said today.
The company’s Web site lists more than 20 independents around the Northeast that had credit card information stolen as a result of the security breach.
Hannaford supplies the Ravena and Schaghticoke stores, which operate under the Shop ‘n Save name, but does not own them. In September, Hannaford purchased formerly independent stores in West Sand Lake and Voorheesville.
Hannaford Bros. Co. officials say they don’t yet know how the breach - which began Dec. 7 and ended March 10 - occurred. About 4.2 million credit and debit card numbers were exposed and at least 1,800 were used illegally.
The information was obtained during the credit card approval process, officials reported Tuesday.
The Hannaford case is among the largest security breaches on record but is still much smaller than the tens of millions of credit cards that were exposed at TJX Cos. of Framingham, Mass., which has 2,500 stores and includes the T.J. Maxx and Marshalls chains.
CAPITAL REGION Breach prompts move by card issuers Banks seeking to protect customers BY JAMES SCHLETT Gazette Reporter
Many Capital Region residents will soon have to begin the tedious task of establishing new directpayment accounts for everything from phone services to gym memberships as area banks and credit unions respond with a heavy hand to the security breach at Hannaford supermarkets. Attempting to shield consumers from the theft of personal credit and debit card numbers at Hannaford, some area financial institutions have resorted to their standard practice of issuing new cards to affected cardholders. “We’re taking proactive steps to ensure our members’ accounts are safe and secure,” said a spokesman for SEFCU, the region’s largest credit union. At SEFCU, that means 30,000 new credit and debit cards will go out to members over the following three weeks. That is twice the number of cards SEFCU reissued last year when hackers stole customer information from TJX Companies, the Framingham, Mass., parent of the T.J. Maxx and Marshalls chains. SEFCU’s Hannaford-sparked reissuance dwarfs the 5,000 cards the Albany credit union sent out after a similar breach at BJ’s Wholesale Club in 2004, according to spokesman John DeCelle. He said the cost to the credit union would be limited to the price of plastic and postage, though he did not have an estimate of the total. TrustCo Bank is reissuing 13,000 cards — more than three times the 4,000 cards it sent out after the TJX breach, said Kevin Timmons, the vice president and treasurer of the Glenville bank. First New York Federal Credit Union is another financial institution that responds to retailer security breaches with blanket card reissuances. A quarter of First New York’s card base was affected by the breach, said Walter Everhardt, marketing director for Colonie credit union. “We’re trying to err on the side of caution,” said Everhardt. The higher volume of reissued cards suggests the Hannaford breach is having a greater impact in the region, even though over 10 times more accounts were compromised in the TJX breach. The TJX incident occurred when hackers broke into a company database. In a new tactic, thieves obtained credit and debit card numbers and expiration dates from Hannaford as customers paid for their groceries at checkout counters. The banks and credit unions are only replacing cards customers used at Hannaford and other affected stores during the period of the breach, which lasted from Dec. 7 to March 10. So far, 1,800 incidents of fraud connected to the breach have been reported. The Scarborough, Maine-based Hannaford Bros. has 164 Northeast supermarkets under its flagship brand and 106 Sweetbay stores in Florida. “We have not had a single customer have a loss due to this. We are doing this proactively,” said Timmons at TrustCo. TD Banknorth has identified instances of fraud related to the Hannaford breach, but it is not reissuing cards on a mass scale, said Jennifer Carlson, a public affairs officer for the Portland, Mainebased bank. Twenty percent of 1st National Bank of Scotia’s card base was affected by the breach, but it is not reissuing cards on a mass scale. The Scotia bank believes its security systems will be able to monitor and control the problem, said 1st National President John Buhrmaster. “To cut off everyone’s cards … causes great inconveniences for customers,” said Buhrmaster. Even without a recall, responding to the breach will cost the bank thousands of dollars, he said. KeyBank credit and debit cardholders accounted for 2 percent of the 4.2 million accounts compromised at Hannaford. Lynne Woodman, a spokeswoman for the Cleveland-based bank, did not know whether any compromised KeyBank debit cards had been used fraudulently. “We were, frankly, a small fry in the breach. But clearly, if your card was affected, then you don’t think this is a small fry,” Woodman said. KeyBank’s branded credit cards are issued by CitiGroup in New York. Citi spokesman Sam Wang said in an e-mail that the credit card issuer will notify and issue new cards “to some customers whom we believe may be subject to increased risk.” Wang would not say how many cards were affected by the Hannaford breach.
Hannaford sued over stolen debit, credit card information Thursday, March 27, 2008 By James Schlett (Contact) Gazette Reporter
ALBANY — The theft of millions of customer credit and debit card numbers from Hannaford Bros. Co. supermarkets is now the subject of a class action lawsuit filed Wednesday in federal court. Nine days after Scarborough, Maine-based Hannaford announced hackers had swiped sensitive information from customers as they paid for groceries, one of the affected shoppers filed the suit in U.S. District Court in Albany. Todd Stevens, the affected customer identified in the suit only as a New York resident, is leading the effort. Stevens claims he has suffered “injuries” due to Hannaford’s alleged failure to provide adequate safeguards to protect customer data. The theft has so far resulted in 1,800 cases of fraud and identity theft and prompted Capital Region banks and credit unions to reissue thousands of credit and debit cards to affected customers. Stevens is also seeking unspecified damages stemming from Hannaford’s alleged “inexplicable delay” in notifying the public about the breach. Hannaford first became aware of the problem on Feb. 27 and did not contain it until March 10. The announcement about the breach came on March 17. “The delay prevented [Stevens and other affected customers] from taking adequate steps to monitor and attempt to safeguard their financial information,” the suit states. Stevens’ attorney, William Ryan Jr., and a Hannaford spokesman did not immediately return calls today. The suit also names as defendents Hannaford’s Salisbury, N.C. parent, Delhaize America. Hannaford has 164 flagship-brand supermarkets in the Northeast and 106 Sweetbay stores in Florida. Stevens is seeking relief from Hannaford, even though many banks have assured affected customers they will not be held liable for the unauthorized use of their cards. Portland, Maine-based TD Banknorth, which has had some customers affected by the Hannaford breach, has a Visa Zero Liability fraud protection program that covers customers targeted by identity thefts.
Wow!! The lawyers are going to have a hay day now. Now don't get me wrong here, Hannaford may have been a bit slack in notifying their customers. I can understand that. But this will open a whole new can of worms in the 'identity theft' world. It happens everyday! And there will be law suits a-plenty now. Just what we need is another reason to hire a lawyer.
This legal action will just invoke businesses to get the 'best and most updated' security available to man. And it will cost big bucks. And guess who they will pass the cost on to? US of course. And what about the smaller businesses who can't afford these high tech security systems that seem to be hacked into eventually. They will be right out of business.
Oh, a can of worms for sure!
When the INSANE are running the ASYLUM In individuals, insanity is rare; but in groups, parties, nations and epochs, it is the rule. -- Friedrich Nietzsche
“How fortunate for those in power that people never think.” Adolph Hitler