A security breach at the Hannaford east coast supermarket chain has led to the exposure of some 4.2 million credit cards. The company said it was aware of at least 1,800 cases of fraud directly connected to the breach. If you shopped at Hannaford’s from Dec. 7 to March 10, when the breach is thought to have occurred, now is a great time to close your current credit and debit cards and get new ones. Side note: when clicking around their official website we found many sub-pages are down, saying they’re currently “undergoing site maintenance.”
Breach Exposes 4.2M Credit, Debt Cards [AP] (Thanks to Rich!)







@FLConsumer: Some reports have implied that Hannaford “self reported” the problem to Visa/MC. This is the preferable way, as the penalties and fines (imposed by Visa/MC) are higher if they figure it out first and then have to tell the merchant.
I really don’t think three weeks from first discovery of problem to public announcement is that bad. They didn’t get the security hole plugged up until March 10, according to their press release. As you stated, they needed to get secure before they announced.
I’ll continue to shop at Hannaford, mostly due to a lack of choices where I am (midcoast Maine). I’d rather go to Hannaford than Walmart. I already shop at the smaller local stores and farmer’s markets when possible. But if Hannaford really screws up their response to this incident, I will find more alternatives.
@jlt: The Hannaford problem had been going on for months till their customers started complaining to them. Hannaford had no clue someone had compromised their system which is a much bigger problem. You would have thought that most retailers would have taken a hard look at their security after the TJX incident that happened almost two years ago.
From what I am reading, all they did do to “fix” the problem was change the encryption keys……on the same devices that were hacked in the first place.
Good, I don’t shop there!
@ChuckECheese: What the hell are you talking about?
@scoosdad: You’re doing better than me. I cancelled my debit card because I used it at Hannafords, and I tried to get a regular ATM card. The CSR I talked to said I had to go to a branch and arrange it there. Per my discussion with the teller, I found Key Bank would charge me a dollar a month for the privilege of not having a debit card.
This is really unfortunate. I don’t think Hannaford did anything wrong — they were in compliance with the established security procedures for processing electronic payments, and they were compromised anyway. And they don’t keep some massive database of names that they couldn’t keep ahold of, as one or two people have suggested — it was just each transaction being scanned as it happened. (It’s a big part of Hannaford culture NOT to have those stupid loyalty cards with all your personal info — I’m a big fan.)
And I’m not in a position to know, but I would guess they located and plugged the hole as fast as they could once they were made aware of the problem. I agree it might have been unwise to broadcast “hey, we have a gaping security breach, but we don’t know how or where!”
If a PCI compliant system really can be silently compromised this devastatingly, this could lead to some huge issues industry-wide…scary.