Monday, the Hannaford Bros. supermarket chain announced that hackers gained access to details of 4.2 million credit and debit card numbers used by customers between December 2007 and early March 2008. Hannaford has 165 grocery stores in New England. Another affected name, Sweetbay, has 106 supermarkets in Florida. According to reports, the Secret Service is investigating and approximately 1800 fraud cases have already been reported as a result of the incident.
"We sincerely regret this intrusion into our systems, which we believe, are among the strongest in the industry. The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization," said Ronald C. Hodge, President and CEO of Hannaford in a statement. "Hannaford is cooperating with credit and debit card issuers to ensure those customers who may be affected by the theft are protected. We also alerted law enforcement authorities, and are working closely with them to help identify those responsible."
"Hannaford and its customers are victims of a criminal heist. All big businesses must defend their systems from these kind of intrusions or risk undermining customer confidence," said Graham Cluley, senior technology consultant at Sophos. "Consumers, meanwhile, need to keep a close eye on their credit card accounts and raise a flag if there are unexpected debits which could be the work of fraudsters. The concern is that with 'fresh' credit card numbers and expiry dates in circulation, crimes may continue to be committed against those unfortunate enough to have had their data stolen.
"This isn't about entering your credit card details on a dodgy Web site, but a case where you hand over your card to a cashier in a store that you would normally trust to look after your data," Cluley continued. "Potentially affected consumers should watch their card statements like a hawk, and other businesses should take this as a wake-up call to ensure that they have strong security in place to avoid a similar incident happening to them."
Experts note that this is not the first time a well-known retail chain has had credit card information stolen from it.
"This hack may not be as huge as the TJMaxx data breach which exposed up to 100 million credit cards, but it is still serious for those who may be impacted," said Cluley. "Thankfully it appears that on this occasion address and other contact details were not also acquired by the criminals, but people should not disregard the potential for more attempts at fraud."