Welcome, Guest.
Please login or register.
Hannaford Security Breach
Rotterdam NY...the people's voice    Rotterdam's Virtual Internet Community    Inside Rotterdam  ›  Hannaford Security Breach Moderators: Admin
Users Browsing Forum
No Members and 73 Guests

Hannaford Security Breach  This thread currently has 2,931 views. |
2 Pages 1 2 » Recommend Thread
Admin
March 17, 2008, 8:03pm Report to Moderator
Board Moderator
Posts
18,484
Reputation
64.00%
Reputation Score
+16 / -9
Time Online
769 days 23 minutes
http://www.fox23news.com
Quoted Text
Hannaford Security Breach

There has been a security breach involving all Hannaford stores in the Northeast.
Hannaford says credit and debit card numbers were stolen during the card authorization process.
It's believed over 4 million account numbers have been exposed.
So far they are aware of about 1,800 cases of fraud.
The breach began on December 7th, and was contained last week.
Shoppers are being told to keep a close eye on credit and debit accounts for any unusual transactions.


Logged
Private Message
MobileTerminal
March 17, 2008, 8:37pm Report to Moderator
Guest User
Oh Great   I don't shop at PC - and ALWAYS use my debit card at Hannaford.

Time to dig out my fine toothed comb and go over my statements.
Logged
E-mail Reply: 1 - 25
MobileTerminal
March 17, 2008, 8:38pm Report to Moderator
Guest User
Quoted Text
A Message From Hannaford CEO Ron Hodge

Dear Customer:

Hannaford has contained a data intrusion into its computer network that resulted in the theft of customer credit and debit card numbers. No personal information, such as names or addresses, was accessed. Hannaford doesn’t collect, know or keep any personally identifiable customer information from transactions.

We sincerely regret this intrusion into our systems, which we believe, are among the strongest in the industry. The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization.

The intrusion affected Hannaford stores, Sweetbay stores in Florida and certain independently-owned retail locations in the Northeast that carry Hannaford products.

For more than 125 years, Hannaford has been dedicated to earning customer trust, and we want to provide you with these recommended steps:

- Carefully review your financial institution and credit card statements, and immediately contact your credit card company or issuing bank with any questions or concerns about individual charges.
- For more information or with questions, please call our Customer Information Center at 866-591-4580.

Hannaford is cooperating with credit and debit card issuers to ensure those customers who may be affected by the theft are protected. We also alerted law enforcement authorities, and are working closely with them to help identify those responsible.

We realize this incident may raise concerns and questions for our customers, and we sincerely regret any inconvenience this attack on our system may cause you. As always, we appreciate you choosing to shop at Hannaford. We remain committed to providing you with the finest foods and a clean, friendly and secure shopping experience.

Sincerely,

Ronald C. Hodge
President and CEO
Hannaford


http://www.hannaford.com/Contents/News_Events/News/News.shtml



Logged
E-mail Reply: 2 - 25
MobileTerminal
March 18, 2008, 3:31am Report to Moderator
Guest User
Quoted Text
Breach Exposes 4.2M Credit, Debit Cards
Monday March 17, 7:10 pm ET
By David Sharp, Associated Press Writer
East Coast Data Breach Exposes 4.2 Million Accounts, Causes 1,800 Known Cases of Fraud

PORTLAND, Maine (AP) -- A security breach at an East Coast supermarket chain exposed more than 4 million card numbers and led to 1,800 cases of fraud, the Hannaford Bros. grocery chain announced Monday.

ADVERTISEMENT
Hannaford said credit and debit card numbers were stolen during the card authorization process and about 4.2 million unique card numbers were exposed, placing the case among the largest data breaches ever.

The breach affected all of its 165 stores in the Northeast, 106 Sweetbay stores in Florida and a smaller number of independent groceries that sell Hannaford products.

The company is aware of about 1,800 cases of fraud reported so far relating to the breach. No personal data such as names, addresses or telephone numbers were divulged -- just account numbers.

Hannaford became aware of the breach Feb. 27. Investigators later discovered that the data breach began on Dec. 7; it wasn't contained until March 10, said Carol Eleazer, Hannaford's vice president of marketing in Scarborough.

"We have taken aggressive steps to augment our network security capabilities," Hannaford president and CEO Ronald C. Hodge said in a statement released Monday. "Hannaford doesn't collect, know or keep any personally identifiable customer information from transactions."

The company urged its customers to monitor their credit and debit cards for unusual transactions and report any problems to authorities. It also told customers to beware of e-mails and calls from people claiming to represent Hannaford and seeking any personal information.

The U.S. Secret Service, whose duties include investigating electronic crimes such as data breaches, confirmed it's investigating but declined to comment on the scope of the crime.

"The company did contact us, and we are investigating," said agency spokesman Malcolm Wiley.

MasterCard, the second-biggest U.S. credit card association after Visa, issued a statement before Hannaford's disclosure: "Because this incident is the subject of an ongoing law enforcement investigation, we cannot disclose additional details regarding the incident or otherwise comment at this time."

Calls to Visa were not returned.

Beth Givens, director of the San Diego-based Privacy Rights Clearinghouse, said holders of debit cards involved in the Hannaford case are most at risk of fraud. Banks generally cover costs from fraudulent charges on credit cards, but a criminal could potentially drain a victim's bank account and leave them with the task of convincing a bank they deserve to be reimbursed.

"Any time a debit card number is exposed, the affected individuals need to be contacted immediately, and their accounts should be closed down," Givens said.

Mark Walker, an attorney for the Maine Bankers Association, said his organization sent an advisory to member banks Friday after learning of the breach. Only a few had reported suspicious activity involving the credit and debit cards they had issued customers, Walker said.

"I had expected there would be more than we've heard of," Walker said. "But it's still too early for us to tell."

Bruce Spitzer, a spokesman for the Massachusetts Bankers Association, criticized the delay in public notification of the source of the breach.

"Visa and MasterCard have stipulated in their contracts with retailers that they will not divulge who the source is when a data breach occurs," Spitzer said. "We've been engaged in a dialogue for a couple years now about changing this rule.... Without knowing who the retailer is that caused the breach, it's hard for banks to conduct a good investigation on behalf of their consumers. And it's a problem for consumers as well, because if they know which retailer is responsible, they can rule themselves out for being at risk if they don't shop at that retailer."

Paul Stephens, of the San Diego-based consumer advocacy organization Privacy Rights Clearinghouse, said the delay in disclosure "puts consumers in a difficult position because they have no way of knowing whether their accounts may have been impacted."

Eleazer defended Hannaford's actions.

"We moved with all deliberate speed to get out to customers with information that we could have confidence in," she said. "This is a complex undertaking."

The case ranks among the largest breaches on record involving retailers, but far fewer cards were exposed than in the largest hack. That one began in 2005 -- and was disclosed last year -- at TJX Cos., the Framingham, Mass.-based operator of more than 2,500 discount retail stores including T.J. Maxx and Marshalls.

TJX reported at least 45.7 million cards were exposed, while banks' court filings put the number at more than 100 million, but there has been no estimate of the total fraud.

Associated Press Business Writer Mark Jewell in Boston contributed to this report.


http://biz.yahoo.com/ap/080317/retail_data_breach.html?.v=5
Logged
E-mail Reply: 3 - 25
Admin
March 18, 2008, 5:47am Report to Moderator
Board Moderator
Posts
18,484
Reputation
64.00%
Reputation Score
+16 / -9
Time Online
769 days 23 minutes
http://www.dailygazette.com
Quoted Text
4.2 million credit card numbers exposed
Hannaford supermarkets suffer data security breach

BY DAVID SHARP The Associated Press

    PORTLAND, Maine — A security breach at an East Coast supermarket chain exposed more than 4 million card numbers and led to 1,800 cases of fraud, the Hannaford Bros. grocery chain announced Monday.
    Hannaford said credit and debit card numbers were stolen during the card authorization process and about 4.2 million unique card numbers were exposed, placing the case among the largest data breaches ever.
    The breach affected all of its 165 stores in the Northeast, 106 Sweetbay stores in Florida and a smaller number of independent groceries that sell Hannaford products.
    The company is aware of about 1,800 cases of fraud reported so far relating to the breach. No personal data such as names, addresses or telephone numbers were divulged — just account numbers.
    Hannaford became aware of the breach Feb. 27. Investigators later discovered that the data breach began on Dec. 7; it wasn’t contained until March 10, said Carol Eleazer, Hannaford’s vice president of marketing in Scarborough.
    “We have taken aggressive steps to augment our network security capabilities,” Hannaford president and CEO Ronald C. Hodge said in a statement released Monday. “Hannaford doesn’t collect, know or keep any personally identifiable customer information from transactions.”
    The company urged its customers to monitor their credit and debit cards for unusual transactions and report any problems to authorities. It also told customers to beware of e-mails and calls from people claiming to represent Hannaford and seeking any personal information.
    “The latest security breach associated with the Hannaford Brothers supermarket chain highlights the fact that no one is immune from a data breach and the privacy challenges confronting entities that maintain electronic databases,” said Mindy A. Bockstein, Chairperson and Executive Director of the NYS Consumer Protection Board. “The Consumer Protection Board advises consumers to remain vigilant and monitor their credit and billing records on a regular basis in order to detect any unauthorized activity, and respond quickly if needed.
    “In the interest of consumer trust, customers should receive better notice when this type of breach is suspected or occurs. Important identity theft and security breach information is available on the CPB’s Web site at http://www. nysconsumer.gov, and the CPB stands ready to assist New York consumers with any issues that may arise as a result of this, or any other security breach.”
    The U.S. Secret Service, whose duties include investigating electronic crimes such as data breaches, confirmed it’s investigating but declined to comment on the scope of the crime.
    “The company did contact us, and we are investigating,” said agency spokesman Malcolm Wiley.
    MasterCard, the second-biggest U.S. credit card association after Visa, issued a statement before Hannaford’s disclosure: “Because this incident is the subject of an ongoing law enforcement investigation, we cannot disclose additional details regarding the incident or otherwise comment at this time.”
    Calls to Visa were not returned.
    Beth Givens, director of the San Diego-based Privacy Rights Clearinghouse, said holders of debit cards involved in the Hannaford case are most at risk of fraud. Banks generally cover costs from fraudulent charges on credit cards, but a criminal could potentially drain a victim’s bank account and leave them with the task of convincing a bank they deserve to be reimbursed.
    “Any time a debit card number is exposed, the affected individuals need to be contacted immediately, and their accounts should be closed down,” Givens said.
    Mark Walker, an attorney for the Maine Bankers Association, said his organization sent an advisory to member banks Friday after learning of the breach. Only a few had reported suspicious activity involving the credit and debit cards they had issued customers, Walker said.
    “I had expected there would be more than we’ve heard of,” Walker said. “But it’s still too early for us to tell.”
    Bruce Spitzer, a spokesman for the Massachusetts Bankers Association, criticized the delay in public notifi cation of the source of the breach.
    “Visa and MasterCard have stipulated in their contracts with retailers that they will not divulge who the source is when a data breach occurs,” Spitzer said. “We’ve been engaged in a dialogue for a couple years now about changing this rule. … Without knowing who the retailer is that caused the breach, it’s hard for banks to conduct a good investigation on behalf of their consumers. And it’s a problem for consumers as well, because if they know which retailer is responsible, they can rule themselves out for being at risk if they don’t shop at that retailer.”
Logged
Private Message Reply: 4 - 25
JoAnn
March 18, 2008, 4:44pm Report to Moderator
Administrator Group
Posts
2,047
Reputation
60.00%
Reputation Score
+3 / -2
Time Online
19 days 19 hours 27 minutes
I don't shop Hannaford. I do shop Price Chopper occasionally. I usually do 99% of my shopping at BJ's. (my favorite) I am sure that all of these stores are vulnerable to all of these security issues.
Logged
Private Message Reply: 5 - 25
Kevin March
March 18, 2008, 5:17pm Report to Moderator

Hero Member
Posts
3,071
Reputation
83.33%
Reputation Score
+10 / -2
Time Online
88 days 15 hours 44 minutes
Quoted from JoAnn
I don't shop Hannaford. I do shop Price Chopper occasionally. I usually do 99% of my shopping at BJ's. (my favorite) I am sure that all of these stores are vulnerable to all of these security issues.


I've been doing more and more shopping at BJ's, but I do most of my grocery shopping over at Price Rite.

Isn't it great having a grocery store on the western end of town?  Oh, wait, we haven't had one since P&C closed.  


Logged Offline
Site Private Message YIM Reply: 6 - 25
senders
March 18, 2008, 7:28pm Report to Moderator
Hero Member
Posts
29,348
Reputation
70.97%
Reputation Score
+22 / -9
Time Online
1574 days 2 hours 22 minutes
I avoid price rite and share my 'wealth' with gabriels, price chopper and hannaford.....BJ's is a waste of money for me.....too big packages with alot of waste....


...you are a product of your environment, your environment is a product of your priorities, your priorities are a product of you......

The replacement of morality and conscience with law produces a deadly paradox.


STOP BEING GOOD DEMOCRATS---STOP BEING GOOD REPUBLICANS--START BEING GOOD AMERICANS

Logged Offline
Private Message Reply: 7 - 25
MobileTerminal
March 18, 2008, 9:09pm Report to Moderator
Guest User
Talked to Sunmark today - they're re-issuing cards for a LOT of people.  Over 10k members are potentially vulnerable, just from Sunmark
Logged
E-mail Reply: 8 - 25
MobileTerminal
March 20, 2008, 1:14pm Report to Moderator
Guest User
Found this here: http://blogs.timesunion.com/business/?p=3241

Quoted Text
More stores affected by Hannaford breach
March 20, 2008 at 10:55 am by Alan Wechsler, Business writer

Independent stores in Ravena and Schaghticoke affiliated with Hannaford were also affected by the recent hacking of customer credit card numbers, the Scarborough, Maine-based supermarket chain said today.

The company’s Web site lists more than 20 independents around the Northeast that had credit card information stolen as a result of the security breach.

Hannaford supplies the Ravena and Schaghticoke stores, which operate under the Shop ‘n Save name, but does not own them.  In September, Hannaford purchased formerly independent stores in West Sand Lake and Voorheesville.

Hannaford Bros. Co. officials say they don’t yet know how the breach - which began Dec. 7 and ended March 10 - occurred. About 4.2 million credit and debit card numbers were exposed and at least 1,800 were used illegally.

The information was obtained during the credit card approval process, officials reported Tuesday.

The Hannaford case is among the largest security breaches on record but is still much smaller than the tens of millions of credit cards that were exposed at TJX Cos. of Framingham, Mass., which has 2,500 stores and includes the T.J. Maxx and Marshalls chains.
Logged
E-mail Reply: 9 - 25
Admin
March 27, 2008, 2:52am Report to Moderator
Board Moderator
Posts
18,484
Reputation
64.00%
Reputation Score
+16 / -9
Time Online
769 days 23 minutes
http://www.dailygazette.com
Quoted Text
CAPITAL REGION
Breach prompts move by card issuers
Banks seeking to protect customers

BY JAMES SCHLETT Gazette Reporter

    Many Capital Region residents will soon have to begin the tedious task of establishing new directpayment accounts for everything from phone services to gym memberships as area banks and credit unions respond with a heavy hand to the security breach at Hannaford supermarkets.
    Attempting to shield consumers from the theft of personal credit and debit card numbers at Hannaford, some area financial institutions have resorted to their standard practice of issuing new cards to affected cardholders.
    “We’re taking proactive steps to ensure our members’ accounts are safe and secure,” said a spokesman for SEFCU, the region’s largest credit union.
    At SEFCU, that means 30,000 new credit and debit cards will go out to members over the following three weeks. That is twice the number of cards SEFCU reissued last year when hackers stole customer information from TJX Companies, the Framingham, Mass., parent of the T.J. Maxx and Marshalls chains.
    SEFCU’s Hannaford-sparked reissuance dwarfs the 5,000 cards the Albany credit union sent out after a similar breach at BJ’s Wholesale Club in 2004, according to spokesman John DeCelle.
    He said the cost to the credit union would be limited to the price of plastic and postage, though he did not have an estimate of the total.
    TrustCo Bank is reissuing 13,000 cards — more than three times the 4,000 cards it sent out after the TJX breach, said Kevin Timmons, the vice president and treasurer of the Glenville bank.
    First New York Federal Credit Union is another financial institution that responds to retailer security breaches with blanket card reissuances. A quarter of First New York’s card base was affected by the breach, said Walter Everhardt, marketing director for Colonie credit union.
    “We’re trying to err on the side of caution,” said Everhardt.
    The higher volume of reissued cards suggests the Hannaford breach is having a greater impact in the region, even though over 10 times more accounts were compromised in the TJX breach.
    The TJX incident occurred when hackers broke into a company database. In a new tactic, thieves obtained credit and debit card numbers and expiration dates from Hannaford as customers paid for their groceries at checkout counters.
    The banks and credit unions are only replacing cards customers used at Hannaford and other affected stores during the period of the breach, which lasted from Dec. 7 to March 10. So far, 1,800 incidents of fraud connected to the breach have been reported.
    The Scarborough, Maine-based Hannaford Bros. has 164 Northeast supermarkets under its flagship brand and 106 Sweetbay stores in Florida.
    “We have not had a single customer have a loss due to this. We are doing this proactively,” said Timmons at TrustCo.
    TD Banknorth has identified instances of fraud related to the Hannaford breach, but it is not reissuing cards on a mass scale, said Jennifer Carlson, a public affairs officer for the Portland, Mainebased bank.
    Twenty percent of 1st National Bank of Scotia’s card base was affected by the breach, but it is not reissuing cards on a mass scale. The Scotia bank believes its security systems will be able to monitor and control the problem, said 1st National President John Buhrmaster.
    “To cut off everyone’s cards … causes great inconveniences for customers,” said Buhrmaster.
    Even without a recall, responding to the breach will cost the bank thousands of dollars, he said.
    KeyBank credit and debit cardholders accounted for 2 percent of the 4.2 million accounts compromised at Hannaford. Lynne Woodman, a spokeswoman for the Cleveland-based bank, did not know whether any compromised KeyBank debit cards had been used fraudulently.
    “We were, frankly, a small fry in the breach. But clearly, if your card was affected, then you don’t think this is a small fry,” Woodman said.
    KeyBank’s branded credit cards are issued by CitiGroup in New York. Citi spokesman Sam Wang said in an e-mail that the credit card issuer will notify and issue new cards “to some customers whom we believe may be subject to increased risk.”
    Wang would not say how many cards were affected by the Hannaford breach.
Logged
Private Message Reply: 10 - 25
MobileTerminal
March 27, 2008, 5:05am Report to Moderator
Guest User
Anyone who used a Paypal debit card @ Hannaford was automatically cancelled and needs to / will be issued a new card (takes about 2 weeks)
Logged
E-mail Reply: 11 - 25
Admin
March 27, 2008, 4:19pm Report to Moderator
Board Moderator
Posts
18,484
Reputation
64.00%
Reputation Score
+16 / -9
Time Online
769 days 23 minutes
http://www.dailygazette.com
Quoted Text
Hannaford sued over stolen debit, credit card information
Thursday, March 27, 2008
By James Schlett (Contact)
Gazette Reporter

ALBANY — The theft of millions of customer credit and debit card numbers from Hannaford Bros. Co. supermarkets is now the subject of a class action lawsuit filed Wednesday in federal court.
Nine days after Scarborough, Maine-based Hannaford announced hackers had swiped sensitive information from customers as they paid for groceries, one of the affected shoppers filed the suit in U.S. District Court in Albany.
Todd Stevens, the affected customer identified in the suit only as a New York resident, is leading the effort. Stevens claims he has suffered “injuries” due to Hannaford’s alleged failure to provide adequate safeguards to protect customer data. The theft has so far resulted in 1,800 cases of fraud and identity theft and prompted Capital Region banks and credit unions to reissue thousands of credit and debit cards to affected customers.
Stevens is also seeking unspecified damages stemming from Hannaford’s alleged “inexplicable delay” in notifying the public about the breach. Hannaford first became aware of the problem on Feb. 27 and did not contain it until March 10. The announcement about the breach came on March 17.
“The delay prevented [Stevens and other affected customers] from taking adequate steps to monitor and attempt to safeguard their financial information,” the suit states.
Stevens’ attorney, William Ryan Jr., and a Hannaford spokesman did not immediately return calls today.
The suit also names as defendents Hannaford’s Salisbury, N.C. parent, Delhaize America. Hannaford has 164 flagship-brand supermarkets in the Northeast and 106 Sweetbay stores in Florida.
Stevens is seeking relief from Hannaford, even though many banks have assured affected customers they will not be held liable for the unauthorized use of their cards. Portland, Maine-based TD Banknorth, which has had some customers affected by the Hannaford breach, has a Visa Zero Liability fraud protection program that covers customers targeted by identity thefts.
Logged
Private Message Reply: 12 - 25
bumblethru
March 27, 2008, 5:22pm Report to Moderator
Hero Member
Posts
30,841
Reputation
78.26%
Reputation Score
+36 / -10
Time Online
412 days 18 hours 59 minutes
Wow!! The lawyers are going to have a hay day now. Now don't get me wrong here, Hannaford may have been a bit slack in notifying their customers. I can understand that. But this will open a whole new can of worms in the 'identity theft' world. It happens everyday! And there will be law suits a-plenty now. Just what we need is another reason to hire a lawyer.

This legal action will just invoke businesses to get the 'best and most updated' security available to man. And it will cost big bucks. And guess who they will pass the cost on to? US of course. And what about the smaller businesses who can't afford these high tech security systems that seem to be hacked into eventually. They will be right out of business.

Oh, a can of worms for sure!


When the INSANE are running the ASYLUM
In individuals, insanity is rare; but in groups, parties, nations and epochs, it is the rule. -- Friedrich Nietzsche


“How fortunate for those in power that people never think.”
Adolph Hitler
Logged
Private Message Reply: 13 - 25
senders
March 27, 2008, 5:36pm Report to Moderator
Hero Member
Posts
29,348
Reputation
70.97%
Reputation Score
+22 / -9
Time Online
1574 days 2 hours 22 minutes
that can of worms will be:

W-world
O-order
R-real
M-money........

aka-RealID......we will protect you and save your chickensmoneyvirtual moneycreditsworth


...you are a product of your environment, your environment is a product of your priorities, your priorities are a product of you......

The replacement of morality and conscience with law produces a deadly paradox.


STOP BEING GOOD DEMOCRATS---STOP BEING GOOD REPUBLICANS--START BEING GOOD AMERICANS

Logged Offline
Private Message Reply: 14 - 25
2 Pages 1 2 » Recommend Thread
|


Thread Rating
There is currently no rating for this thread