Data Stolen Again: This Time Grocer Hannaford Hit


Hannaford Brothers supermarket chain disclosed that it had a breach of its computer system beginning last December that exposed 4.2 million credit and debit card numbers, as well as led to at least 1,800 fraud cases, the Boston Globe reported today. The breach affected stores in five states - Maine, Massachusetts, New Hampshire, New York and Maine - and 270 of its stores. The breach wasn't suspected until February and continued until March of this year.

Unlike the TJX breach, Hannaford appeared to meet all the industry standards involving how customer data is supposed to be protected.

It hasn't been disclosed how customer information was compromised, but in a more detailed story at ComputerWorld, the speculation is that it was stolen in transit between Hannaford stores and the financial institutions that process the stores' credit/debit card transactions.

I don't know if this qualifies as the first million plus data breach in the US for 2008 since the breach began last year - if it counts, I guess we can ring the bell.

Also, Gregory Kopiloff was sentenced at the U.S. District Court in Seattle, Washington yesterday to four years in federal prison for using file-sharing software to steal at least 83 identities. It is the first federal case against those using file-sharing software for identity theft.


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Robert Charette
Spotsylvania, Va.
Willie D. Jones
New York City