One day after news broke about a large-scale theft of personal credit and debit card numbers during transactions at Hannaford Supermarkets, customers jammed phone lines looking for information and company officials tried to determine how far beyond 1,800 the list of affected people may grow.
The security breach occurred in the form of a data intrusion into the Hannaford computer network, resulting in credit and debit numbers and expiration numbers being stolen as the transactions passed electronically between the supermarket and the credit companies. Company officials have assured customers that no personal information that could result in identity theft was compromised during the breach, but could not rule out the possibility that PIN numbers might have been copied.
As of Tuesday, 1,800 transactions were identified as compromised, but more are likely as 4.2 million transactions are investigated from December 2007 through Feb. 27, 2008. Adding to the worry, no specific store locations have been identified.
“What we know is that the attack occurred in that time period, and we’re working day and night to get our arms around the precise extent,” said Hannaford spokesperson Michael Norton. “We can’t contact people directly because we never collect their names and addresses during financial transactions at the stores.”
Norton said on Feb. 27, several of Hannaford’s financial partners involved in the payment process alerted the supermarket chain of the potential breach.
“They can view data processes that we can’t access,” said Norton, who declined to give specifics about what warning flags went up or how the investigation is proceeding.
While waiting for more information to be released, Hannaford customers are being urged to carefully review their financial institution and credit card statements, immediately contact the credit card company or issuing bank if any charges look unfamiliar, and to contact the Hannaford customer service department at (866) 591-4580.
Chris Labatt-Simon is owner and president of D&D Consulting in Albany. Launched in the 1990’s, the company focuses on ensuring security of data crossing internal and external networks. Labatt-Simon said Tuesday he’s not surprised by news of the breach.
“This stuff happens every day, but most of it falls under the radar of the general public,” he said. “More information theft is taking place at the point of service and swipe card readers. It’s the evolution of technology today being exploited.”
Labatt-Simon said it’s vital every consumer realize that computer hacking is no longer fun and games.
“Ten years ago or more, the main suspect was a kid playing war games in a back bedroom,” said Labatt-Simon. “Today, there are organized crime groups and gangs who set up entire companies to attack systems, pull any information they can get, and sell it to the highest bidder. That’s the way it works.”
Other experts in the field recommend people take proactive measures to protect their financial information in every way possible.
“Consumer awareness is the number one factor, because there are so many types of scams and computer attacks,” said Krista Montie, public information specialist for the state Office of Cyber Security and Critical Infrastructure Coordination in Albany. “People should always check their credit card and bank statements carefully even if they have no reason for concern. Be careful who you’re doing business with in person and online.”
Despite the potential risk to shoppers, Montie said in her opinion Hannaford isn’t to blame for the incident.
“You can’t blame a particular place. This could happen to organizations large and small,” said Montie. “In the cyber industry, there is never a guarantee of 100 percent security.”
Montie also referred to a tally done by the Privacy Rights Clearinghouse, a nonprofit consumer awareness organization, indicating in the U.S. alone, a total of 218.8 million records containing sensitive personal information were involved in security breaches from January 2005 to the present. The agency offers tips for consumers on its Web site at www.privacyrights.org
Meanwhile, some shoppers at the Hannaford supermarket in the town of Milton Tuesday afternoon weren’t aware of the problem, while others had their own methods of averting the dangers of technology.
“I haven’t heard about it,” said Arlene Robinson of Milton. “I’m not a regular customer here, but it would be awful to think your credit information could be copied like that.”
Dave Hodges of Ballston Spa said he prefers to buy groceries the old-fashioned way.
“I never use credit cards; they’re too much trouble,” said Hodges, while wheeling his cart out of the store. “If I don’t have the cash, I don’t buy anything.”
Labatt-Simon said people don’t need to be scared away from using plastic and go back to paper cash exchanges.
“The situation isn’t so dire that we need to move back to a cash society,” said Labatt-Simon. “But there needs to be more focus on preventing this from happening, and consumers need to be vocal asking organizations like Hannaford to be more concerned about this. It’s up to everyone to demand more security.”