Skip to main content

March 2008

 Login  Register for Login
Wish List (0) | Orders (0) | Basket (0)
Go Search
NACS Online > News & Media Center > News: Archives > March 2008 > Hannaford Security Breach Exposes Millions of Card Users’ Data

News & Media

Hannaford Security Breach Exposes Millions of Card Users’ Data 
March 20, 2008 

HOFFMAN ESTATES, IL – New England-based grocery chain Hannaford Bros. Inc. fell victim this week to a data breach that exposed millions of its customers’ credit and debit card information. The grocery chain was PCI compliant at the time of exposure, and has been for about a year, reports Digital Transactions News.

“According to Associated Press and Boston Globe reports, the breach has resulted in 1,800 confirmed cases of fraud. The breach reportedly involved all 165 Hannaford Bros. stores in the Northeast, 106 stores in Florida of corporate affiliate Sweetbay, and a smaller number of independent grocery stores in the Northeast that carry Hannaford products,” writes the news source, adding that Hannaford reportedly became aware of the breach on February 27, “though investigation showed it began December 7, and it wasn’t ‘contained’ until March 10, according to the AP.”

The news source also writes that Hannaford’s data breach may be the first publicly known breach of its kind by a merchant that is PCI compliant.

“We were certified [as PCI-compliant] last spring and we were recertified in February,” Carol Eleazer, Hannaford’s vice president of marketing, told Digital Transactions.

In a statement released by Hannaford on Monday, Ronald Hodge, president and CEO, noted that company “has contained a data intrusion into its computer network that resulted in the theft of customer credit and debit card numbers. No personal information, such as names or addresses, was accessed. Hannaford doesn’t collect, know or keep any personally identifiable customer information from transactions.”

Hodge also indicated in a statement that the data breach happened during the transaction process, writes the news source. “The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization.”

As of Tuesday, Digital Transactions reported that Hannaford did not have more information as to how the data breach occurred, but that it is now under investigation by the U.S. Secret Service as well as experts both inside and outside of the company. However, Eleazer commented that Hannaford had been using data encryption in 2007, and had just recently upgraded its wireless encryption.