Hannaford Supermarket Chain - 4.2 Million Credit Card Numbers Stolen - Security Protection

Common Tasks

Community

Email Notifications

Personal Links

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Hannaford Supermarket Chain - 4.2 Million Credit Card Numbers Stolen

Unfortunately, Hannaford experienced a "targeted" attack, which is a growing trend in malware related incidents. AV controls may or may not handle these uniquely crafted attacks although other layers of defense should helped detect or mitigate this incident. Another disturbing aspect of this attack was that Hannaford was also rated as being PCI/DSS compliant

Hannaford Supermarket Chain - 4.2 Million Credit Card Numbers Stolen
http://www.nytimes.com/aponline/technology/AP-Retail-Data-Breach.html
http://www.foxnews.com/story/0,2933,338712,00.html
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9068999
http://www.wmur.com/money/15668396/detail.html
http://www.msnbc.msn.com/id/23729815/

Hannaford Supermarket - Press Release
(What to do if you are a victim)
http://www.hannaford.com/Contents/News_Events/News/News.shtml
http://www.hannaford.com/credit_card_security/

Hannaford may not have to pay banks' breach costs under PCI, says Gartner
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9072678

QUOTE: PORTLAND, Maine (AP) -- Unauthorized software that was secretly installed on servers in Hannaford Bros. Co.'s supermarkets across the Northeast and in Florida enabled the massive data breach that compromised up to 4.2 million credit and debit cards, the company said Friday.

The Scarborough, Maine-based grocer confirmed a report in The Boston Globe that it told Massachusetts regulators this week about the link between the breach and the illicit programs, known as malware. The company doesn't know how the malware -- short for malicious software -- got onto nearly all its 271 stores' servers, Hannaford spokeswoman Carol Eleazer said.

Virtually everything is possible, she said. There are still many, many aspects that we don't totally understand. At least 1,800 cases of fraud have been linked to the data breach, with unauthorized charges showing up as far afield as Mexico, Italy and Bulgaria.

The breach has prompted concern in the industry because it appeared to be the first large-scale theft of credit and debit card numbers while the information was in transit. Hannaford has said its breach, which occurred between Dec. 7 and March 10, allowed credit and debit card numbers to be stolen as shoppers swiped their cards at checkout line machines and the information was transmitted to banks for approval.

Even while the Hannaford hack was still going on last month, the company was found to be in compliance with security standards required by the Payment Card Industry, a coalition founded by credit card companies.

Posted: Mar 31 2008, 05:44 PM by Harry Waldron | with no comments

Questions? Contact Susan at Susan-at-msmvps.com. Each post's copyright held by the original author. All rights reserved. Blog site is an independent site not sponsored by Microsoft.
Our servers would like to thank www.ownwebnow.com and www.exchangedefender.com. We wouldn't be here without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems

Theme based on the Paperclip Blog Theme included in Community Server.
Enhanced to a Site-Wide Theme by Interscape Technologies.