Hannaford Brothers supermarket chain disclosed that it had a breach of its computer system beginning last December that exposed 4.2 million credit and debit card numbers, as well as led to at least 1,800 fraud cases, the Boston Globe reported today. The breach affected stores in five states - Maine, Massachusetts, New Hampshire, New York and Maine - and 270 of its stores. The breach wasn't suspected until February and continued until March of this year.
It hasn't been disclosed how customer information was compromised, but in a more detailed story at ComputerWorld, the speculation is that it was stolen in transit between Hannaford stores and the financial institutions that process the stores' credit/debit card transactions.
I don't know if this qualifies as the first million plus data breach in the US for 2008 since the breach began last year - if it counts, I guess we can ring the bell.
Also, Gregory Kopiloff was sentenced at the U.S. District Court in Seattle, Washington yesterday to four years in federal prison for using file-sharing software to steal at least 83 identities. It is the first federal case against those using file-sharing software for identity theft.