Hannaford Bros. Reports Security Breach
An AP newswire article, via MaineToday.com, reports that:
Hannaford Bros. supermarket chain announced Monday a security breach that led to thefts of customer credit and debit card numbers from more than 200 stores.More here.
Hannaford says the security breach affects all of its 165 stores in the Northeast, 106 Sweetbay stores in Florida and a smaller number of independent groceries that sell Hannaford products.
The company puts the number of unique credit and debit card numbers that were potentially exposed to fraud at 4.2 million, but there have been only about 1,800 cases of reported fraud related to the security breach, said Carol Eleazer, Hannaford's vice president of marketing in Scarborough.
The company says credit and debit card numbers were stolen during the card authorization transmission process but no personal information like names, addresses or telephone numbers was divulged.
Hannaford first became aware of unusual credit card activity on Feb. 27. Investigators later discovered that the data breach began on Dec. 7; it wasn't contained until March 10, Eleazer said.
Note: From earlier today. -ferg
2 Comments:
Ferg: Spectacular announcements about massive data security breaches do the public little good. The implication of these announcements is that some data (i.e., that which are the subject of the announcements) are more exposed than other data. As a practical matter that is false. All personally identifiable data are more or less exposed all the time. And successful exploitation of that data by an identity thief requires a lot of work and luck. Socially responsible data-holders should set a high threshold of proof before concluding that a "data security breach" worthy of announcement has occurred for any given unit of data. (Data-holders should of course consult their attorneys.)
Ben Wright:
While that may be true some of the time, it is definitely not true all of the time.
And in cases where there are large numbers of unwitting consumers' financial data subject to theft and fraudulent usage, there should always be a public notification.
- ferg
Post a Comment
<< Home