Hannaford security breach, 4m cards stolen
The theft of an estimated 4.2 million credit and debit card numbers from Hannaford Bros. grocery stores in the New England area appears to be the result of malware. In a letter cited by The Boston Globe from Hannaford Bros. to Massachusetts Attorney General Martha Coakley and the state’s Office of Consumer Affairs and Business Regulation, the company said that the data breach it disclosed on March 17 involved malicious software that was found on computer servers at about 300 of the company’s stores. The software reportedly intercepted credit card data during checkout and sent captured information overseas, according to the letter.
While Hannaford has acknowledged that up to 4.2 million credit and debit card numbers were compromised, it said there’s no evidence to indicate that cardholder names and addresses were stolen. The company has said it continues to investigate the incident. The Secret Service is conducting its own investigation.
“In this case, it looks like the hackers exploited the weakest link,” said Chris Andrew, VP of security technology at Lumension, a security management company. Slavik Markovich, CTO of database security company Sentrigo, observes that the attack is unusual in that the thieves attacked the endpoints of the network, rather than accessing the endpoints to reach a central data repository. He said he believes the attack was specially crafted to affect Hannaford’s systems.
Source: InfoWeek

2008 and this still happens. Pretty sad.
ppl get pwned all the time, lol
We need death penalty for hackers. This is serious crime.
They should have fucking used KASPERSKY…I bet they had Norton instead
Don’t you Americans see anything else other than death penalty? Pretty sad =\
He said he believes the attack was specially crafted to affect Hannaford’s systems.
DOH! This sort of thing doesn’t work unless you do it on a case by case basis!
I work for Bank of America’s consumer credit card fraud department and we are reissuing most of our cards that were involved in this. Giant pain in the a$$
@10 how did you know that #8 was an American? Sounds to me like you already have prejudgment, possibly led on by sheer jealousness of our superiority in the computer world.
http://thehoot.net/articles/2656
http://www.hannaford.com/credit_card_security/index.htm
“…Hannaford spokesperson said there’s no evidence to indicate that cardholder names and addresses were stolen”.
You can feel safe now, there won’t be any “thank you” letters from the fraudsters! An inspired statement, and in the meanwhile “So far fewer than 2,000 cases of fraud have been linked to the breach…but that number will -potentially- grow” and “Unfortunately [a credit card number and expiration date] is enough data to do fraudulent charges later”, no sh!t Sherlock! but in the end “…this event only serves to strengthen our commitment to you“(!!) -President and CEO of Hannaford. Hilarious, he’s obviously on something, probably expired too.
Unbelievable but these are the guys you shop from.
Best of luck, you’ll need it for next time.
lol, how they got the software onto 300+ computers is beyond me. Maybe they should hire security system analysts who know what the hell they’re doing and not just doing lollygagging.
This happened to my hometown’s hannaford
Makes me think inside job.
Maybe the workers shouldn’t accept every ad they see.
“You win a car, just click here and download this spyware”
Oh, clickeh!!
Those crazy Russians…
it happened with EVERY hannaford. mainly bigger banks have had the more fraudulent business going on like T.D. Banknorth, Bank Of America, Keybank. but local banks haven't had any troubles. but i think td banknorth already stated that there has been about over 4,000 fraud charges to cards already.
Directly relating to this article I would be interested in knowing what malware was loaded onto the PC’s. More specifically how…
We’ll be after the nuclear wessels next….
I work at Hannaford, so trust me, I’ve been dealing with this exclusively for the past two weeks. It’s a good thing that Hannaford doesn’t collect personally identifiable information from its debit/credit card customers, because if we had names and addresses taken as well, those customers could be victims of identity theft. It may be inconvenient, but it could be much, much worse.
Inside Job!
I do not believe this is an inside job. If what that analyst is saying is true, then all that is required is to get some idiot to click on a link which would auto run and propagate through the network. The endpoints were targeted for a reason. If it were an inside job then… why?
@8 Blobsters: “Sounds to me like you already have prejudgment, possibly led on by sheer jealousness of our superiority in the computer world.”
That is a perfect example of IGNORANCE!
Come on, even Europe is far ahead of the US when it comes to technology.
Also, how in the world could you refer to a non-existent post at your time of writing? Just to correct you, it was #5 and not #10, jeez.
If you seriously thought it would make you sound smart, well, you just proved the exact opposite to thousands of people, congratulations.
forget KASPERSKY they should use avi way better. and why all of a sudden with the change of dates in posts?
woops i mean avg anti virus.
By 2010 every American will have their identity stolen at least once….mine has been.