[ISN] Data thieves steal credit card data from supermarket chain

From: InfoSec News (alerts@private)
Date: Tue Mar 18 2008 - 00:45:37 PST


http://www.infoworld.com/article/08/03/17/Data-thieves-steal-credit-card-data-from-supermarket-chain_1.html

By Robert McMillan
IDG News Service
March 17, 2008

Data thieves broke into computers at supermarket chains Hannaford 
Brothers and Sweetbay, stealing an estimated 4.2 million credit and 
debit card numbers, Hannaford said Monday.

"The stolen data was limited to credit and debit card numbers and 
expiration dates, and was illegally accessed from our computer systems 
during transmission of card authorization," said Hannaford CEO Ron 
Hodge, in a statement posted to the company's Web site.

Hannaford became aware of the theft on Feb. 27 following reports of 
suspicious credit card activity. The crime, which occurred some time 
between December and March, is one of the largest reported data thefts 
from a retailer in U.S. history.

"Somebody hacked into their system," said Mark Walker, vice president 
and counsel with the Maine Bankers Association, which started informing 
its 15 member banks of the breach last Friday.

Although only credit and debit card numbers were stolen -- not names or 
addresses -- Walker said that some cases of identity theft had been 
associated with the incident.

The Associated Press reported Monday that more than 1,800 cases of fraud 
had been linked to the theft, which affects 4.2 million credit and debit 
card numbers.

That's far fewer account numbers than in the nation's largest retail 
data theft. In 2005, hackers gained access to computer systems at 
Massachusetts-based TJX Companies, owners of T.J.Maxx, Marshalls and 
Bob's Stores. That breach affected more than 94 million credit and debit 
card accounts.

Hannaford is owned by Belgian supermarket giant Delhaize Group, which 
operates about 1,500 stores in the eastern U.S. In addition to Hannaford 
Brothers, it owns Food Lion, Bloom, Bottom Dollar, Harveys, Kash n' 
Karry, and Sweetbay grocery stores.

Hannaford stores in New England and New York state were hit with the 
theft, as were the company's Sweetbay stores in Florida, according to 
the Hannaford Web site. The company warned that some independent retail 
locations in the Northeast that carry Hannaford products were also 
affected.

Close to 70 Massachusetts banks have been contacted by Visa and 
MasterCard about the incident, which occurred between December and 
March, the Massachusetts Bankers Association (MBA) said Monday in a 
statement.

"The MBA estimates that hundreds of thousands of credit and debit cards 
owned by consumers in Massachusetts and northern New England states 
could be affected, and is urging consumers to monitor their accounts," 
the bankers association said.

MasterCard characterized the incident as a "potential security breach" 
and issued a statement saying that the matter is being investigated by 
law enforcement. Because of the ongoing investigation, however, the 
credit card company declined to provide additional details.

A Secret Service spokesman confirmed Monday that his agency, which 
pursues financial crimes, is investigating.

Delhaize and Hannaford representatives did not return telephone calls 
and e-mails seeking comment on Monday. On its Web site, Hannaford is 
advising customers looking for help with the matter to call its support 
line at 1-866-591-4580.

Because Hannaford does not associate addresses or names with its credit 
card numbers, it is unable to notify those who have had their credit 
card numbers compromised, the company said.


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Tue Mar 18 2008 - 01:02:08 PST