By Robert McMillan
IDG News Service
March 17, 2008
Data thieves broke into computers at supermarket chains Hannaford
Brothers and Sweetbay, stealing an estimated 4.2 million credit and
debit card numbers, Hannaford said Monday.
"The stolen data was limited to credit and debit card numbers and
expiration dates, and was illegally accessed from our computer systems
during transmission of card authorization," said Hannaford CEO Ron
Hodge, in a statement posted to the company's Web site.
Hannaford became aware of the theft on Feb. 27 following reports of
suspicious credit card activity. The crime, which occurred some time
between December and March, is one of the largest reported data thefts
from a retailer in U.S. history.
"Somebody hacked into their system," said Mark Walker, vice president
and counsel with the Maine Bankers Association, which started informing
its 15 member banks of the breach last Friday.
Although only credit and debit card numbers were stolen -- not names or
addresses -- Walker said that some cases of identity theft had been
associated with the incident.
The Associated Press reported Monday that more than 1,800 cases of fraud
had been linked to the theft, which affects 4.2 million credit and debit
That's far fewer account numbers than in the nation's largest retail
data theft. In 2005, hackers gained access to computer systems at
Massachusetts-based TJX Companies, owners of T.J.Maxx, Marshalls and
Bob's Stores. That breach affected more than 94 million credit and debit
Hannaford is owned by Belgian supermarket giant Delhaize Group, which
operates about 1,500 stores in the eastern U.S. In addition to Hannaford
Brothers, it owns Food Lion, Bloom, Bottom Dollar, Harveys, Kash n'
Karry, and Sweetbay grocery stores.
Hannaford stores in New England and New York state were hit with the
theft, as were the company's Sweetbay stores in Florida, according to
the Hannaford Web site. The company warned that some independent retail
locations in the Northeast that carry Hannaford products were also
Close to 70 Massachusetts banks have been contacted by Visa and
MasterCard about the incident, which occurred between December and
March, the Massachusetts Bankers Association (MBA) said Monday in a
"The MBA estimates that hundreds of thousands of credit and debit cards
owned by consumers in Massachusetts and northern New England states
could be affected, and is urging consumers to monitor their accounts,"
the bankers association said.
MasterCard characterized the incident as a "potential security breach"
and issued a statement saying that the matter is being investigated by
law enforcement. Because of the ongoing investigation, however, the
credit card company declined to provide additional details.
A Secret Service spokesman confirmed Monday that his agency, which
pursues financial crimes, is investigating.
Delhaize and Hannaford representatives did not return telephone calls
and e-mails seeking comment on Monday. On its Web site, Hannaford is
advising customers looking for help with the matter to call its support
line at 1-866-591-4580.
Because Hannaford does not associate addresses or names with its credit
card numbers, it is unable to notify those who have had their credit
card numbers compromised, the company said.
Subscribe to InfoSec News