Hannaford Data Breach is Likely Much Worse Than Reported

By PatB
Contributing Writer, [GAS]

Hannaford Brothers Supermarkets, a large New England grocery store chain, reported that they suffered a data breach.  The store’s network was penetrated and hackers were listening in during credit card authorizations.  Already, there are 1,800 confirmed cases of fraud associated with the breach.  At risk are 4.2 Million additional credit card accounts.

From WBZ here:

A security breach at an East Coast supermarket chain exposed 4.2 million credit and debit card numbers and led to 1,800 cases of fraud, the Hannaford Bros. grocery chain announced Monday. Credit and debit card numbers were stolen during the card authorization process and about 4.2 million unique account numbers were exposed.

The breach affected all of its 165 stores in the Northeast, 106 Sweetbay stores in Florida and a smaller number of independent groceries that sell Hannaford products.

Hannaford became aware of the breach Feb. 27. Investigators later discovered that the data breach began on Dec. 7; it wasn’t contained until March 10, said Carol Eleazer, Hannaford’s vice president of marketing in Scarborough.

“We have taken aggressive steps to augment our network security capabilities,” Hannaford president and CEO Ronald C. Hodge said in a statement released Monday.

The company urged its customers to monitor their credit and debit cards for unusual transactions and report any problems to authorities.

I happen to speak fluent security-breach double speak.   When Hannaford says that the breach began on December 7th, they mean they only have logs dating back that far.  When the CEO says they are taking aggressive steps to augment their network security, he really means that they are going to get a firewall, an IDS, and start segmenting their database from the rest of the network like they are supposed to do.

And when the Vice President of Marketing gets quoted in the press talking about the security breach, it means that there is no CIO (Chief Information Officer) at the company.  It means their network was designed haphazardly with only a minimal thought to security.  What, they couldn’t get a quote from the President of Marketing?  How does the dairy stocker in store 413 feel about the breach?  He probably knows as much about network security as the Marketing VP.

All of this means that as the days go on, you will see more and more headlines talking about this breach being much worse than originally thought. The number of fraud cases will climb precipitously… and no one will be fired from Hannaford.

If you shop there and have used a credit card, get a copy of your credit report ASAP.

By law, you get one free credit report per year. You can contact them below.

Equifax: 800-685-1111; www.equifax.com

Experian: 888-EXPERIAN (888-397-3742); www.experian.com

TransUnion: 800-916-8800; www.transunion.com

If unauthorized changes in your credit reports are detected, you may be a victim of identity theft. A great resource to help guide you in recovery from identity theft is at the FTC here.

Geeks are Sexy needs YOUR help. Learn more about how YOU can support us here.