Security Breach Rendered 4.2 Million Credit, Debit Cards

March 19, 2008

(Long Island, N.Y.) In one of the biggest credit card database breaches ever maneuvered in the US, unidentified cyber thieves where able to secure over 4.2 million credit and debit card account numbers from a national grocery chain’s account information database.

Hannaford Bros., formerly known as Shop ‘N’ Save which is an American supermarket chain that has its headquarters in Maine and operates with more than 150 outlets in New York and New England reported on Monday that over 4.2 million credit card numbers where stolen during card authorization process since December of last year. The company noted that they became aware of the situation only after Feb. 27 when another breach was detected by their system and immediately notified authorities afterwards. Currently, over 1,800 known cases of credit card fraud has been reported due to the incident.
”
“We have taken aggressive steps to augment our network security capabilities,” Hannaford president and CEO Ronald C. Hodge said in a statement released Monday. “Hannaford doesn’t collect, know or keep any personally identifiable customer information from transactions.”

Hannaford Bros. also contacted the US secret service agency and urged their participation in the investigation. “The company did contact us, and we are investigating,” said agency spokesman Malcolm Wiley deferring to give further comment on their separate inquiry.

In a statement released last Monday, Hannaford bros. intimated that over 35 percent of the accounts stolen comes from leading credit card association Visa while the remaining percentage are portioned off by MasterCard , AMEX and JCB. MasterCard released a written statement last Monday which read. “Because this incident is the subject of an ongoing law enforcement investigation, we cannot disclose additional details regarding the incident or otherwise comment at this time.”

Industry experts criticize the delay in which local banks and credit card companies were notified of the breach. Bruce Spitzer, a spokesman for Massachusetts Bankers Association said, Visa and MasterCard have stipulated in their contracts with retailers that they will not divulge who the source is when a data breach occurs,” Spitzer said. “We’ve been engaged in a dialogue for a couple years now about changing this rule…. Without knowing who the retailer is that caused the breach, it’s hard for banks to conduct a good investigation on behalf of their consumers. And it’s a problem for consumers as well, because if they know which retailer is responsible, they can rule themselves out for being at risk if they don’t shop at that retailer.”

Posted by News LI Editor · Edited by Brianna - Filed Under Technology