Thieves Snag 4.2 Million Credit Card Numbers from Supermarket Chain
Since December of 2007, the massive grocery store chains Hannaford Brothers and Sweetbay were hit by one of the largest incidents of credit and debit card data theft the U.S. has ever seen. Hannaford Bros., which owns the supermarket chains in the Northeast United States and Florida, announced on Monday that thieves had snagged an estimated 4.2 million card numbers and expiration dates, though not names or addresses. The thefts occurred during the authorization process that takes place when users are buying groceries at the the checkout counter with a credit or debit card.
The Associated Press reports that 1,800 incidences of fraud have been associated with the theft, as well as some occurrences of identity theft. Hannaford doesn't associate credit card numbers with names and addresses, which has lessened the impact of the data theft, but it has also made it impossible for the company to identify and contact those affected. Customers seeking help or information are encouraged to call the company at 1-866-591-4580.
Though this is one of the largest instances of data theft in the country, it pales in comparison to the largest which took place in 2005, when hackers gained access to the systems of TJX Companies, the owners of Marshall's, TJ Maxx, and Bob's. In that theft, over 94 million credit and debit card numbers were compromised.
The most unsettling detail is that Hannaford seems to have little indication as to when or how the theft occurred. The company became aware of the theft on February 27, after reports of suspicious credit activity. The numbers were stolen sometime between December and that date, but Hannaford was unable, or unwilling to divulge further details. If major companies can't even be sure when or how their systems are compromised truly secure Internet transactions may be nothing more than a pipe-dream.
From InfoWorld and AOL News/AP
Related Links:
Reader Comments (Page 1 of 1)
Benjamin Wright @ Mar 18th 2008 1:44PM
Spectacular announcements about massive data security breaches do the public little good. The implication of these announcements is that some data (i.e., that which are the subject of the announcements) are more exposed than other data. As a practical matter that is false. All personally identifiable data are more or less exposed all the time. And successful exploitation of that data by an identity thief requires a lot of work and luck. Socially responsible data-holders should set a high threshold of proof before concluding that a "data security compromise" worthy of announcement has occurred for any given unit of data. http://hack-igations.blogspot.com/2007/09/definition-of-data-security-breach.html (Data-holders should of course consult their attorneys.)
leapgal44 @ Mar 21st 2008 9:42AM
Companies want the public to pay extra charges for protecting your account information. This is not the public's responsibility, as per the incident stated in this article. The companies who issue credit/debit cards, and the machines that authorize payments are however. Yes, I would say. contact an attorney regarding any breach of your account information.
KARON @ Apr 12th 2008 6:26AM
I WAS HIT AS WILL , THIS IS THE WORST THING I HAVE EVER BEEN THROUGH , NOW I AM BEING TOLD TO GET A LAWERY. ALL MY MONEY IS GONE . I DID FIND ONE PLACE THAT MY CARD WAS USED IN NEW YORK. HOPE THEY CATCH THEM