The Spokesman-Review Newspaper
Spokane, Washington  Est. May 19, 1883

Millions of customers’ credit data exposed

Clarke Canfield Associated Press

PORTLAND, Maine – It was during the card approval process that more than 4 million customer accounts at grocery stores in the Northeast and Florida were exposed to fraud, even though the company meets the latest standards for data security, a spokeswoman said Tuesday.

Hannaford Bros. Co. doesn’t yet know how the breach – which began Dec. 7 and ended March 10 – occurred, said Carol Eleazer, vice president of marketing for Hannaford, based in Scarborough.

About 4.2 million credit and debit card numbers were exposed and at least 1,800 stolen during the seconds it takes for that information to travel to credit card companies for approval after customers swiped their cards in checkout-line machines, Eleazer said.

On Tuesday, many customers were not yet aware of the problem. Others who’d read or heard about it didn’t seem alarmed.

Shopper Mary Kellett said she’ll continue to shop at Hannaford – and use her credit card. She’ll also be more vigilant checking her card statements.

“Nobody’s really found a perfect way to prevent this,” she said as she loaded bags of groceries into her car in a Hannaford parking lot in Portland. “But I’m still here shopping today.”

It’s virtually impossible to make credit card transactions 100 percent secure, even if companies use state-of-the-art technology and accepted security practices, said Avishai Wool, chief technical officer at AlgoSec, a computer network security company in Reston, Va.

“That’s like asking if you can have a 100-percent secure home that cannot be broken into,” Wool said. “I don’t think you can. If the bad guys spend enough money and have the appropriate equipment, they can go through anything.”

The Hannaford case is among the largest security breaches on record but is still much smaller than the tens of millions of credit cards that were exposed at TJX Cos. of Framingham, Mass., which has 2,500 stores and includes the T.J. Maxx and Marshalls chains.

Hannaford stores, Eleazer said, do not use wireless systems, which are believed to have been the entry points for other recent large-scale data thefts at retailers, including the TJX case.

The TJX breach is thought to have started when hackers intercepted wireless transfers of customer information at two Marshalls stores in Miami – an entry point that eventually gave hackers undetected access to TJX’s central databases for a year and a half.

To accept credit cards, merchants have to meet industry standards that credit card firms impose to protect data.