Sections

Hannaford and Sweetbay Supermarkets, owned by the Belgium-based Delhaize Group, recently discovered that a computer hacker breached security and stole 4.2 million credit and debit card numbers from their customers.

The data was accessed from Hannaford’s computer systems during the card authorization transmission process, explained Mike Norton, a spokesperson for Hannaford Bros. Credit and debit card numbers and expiration dates were accessed, but not the names and addresses of individuals.

So far fewer than 2,000 cases of fraud have been linked to the breach but “the potential is that number could grow” as more individuals come forward after looking into their records, Norton told The Hoot.

“Unfortunately [a credit card number and expiration date] is enough data to do fraudulent charges later,” he explained. Hannaford would not disclose when they believe the original breach occurred due to the ongoing investigation, but suggested customers look into their financial statements from the past three months for evidence of fraud.

Since all the Hannaford Bros. stores are in the same computer system it is unknown how many credit cards numbers were stolen from customers who used their credit card at the local Russell St. Hannaford store.

Hannaford has stores in New England, New York, and Sweetbay customers in Florida.

“In theory all our stores could be affected,” said Hannaford community relations employee Tap Fitzgerald.

The individual stores were not authorized to speak about this matter with the media.

Norton declined to comment on where the hacker accessed the system or when the initial attack on the system occurred due to the ongoing police investigation.

“From the customer perspective, it isn’t relevant where the breach occurred because it affects all the stores,” he said. There are 165 Hannaford stores in the U.S. Northeast and 106 Sweetbay supermarkets in Florida.

The chain originally discovered unusual credit card activity on Feb. 27 when a data processing company informed them that suspicious behavior was occurring. Hannaford would not comment on the nature of the suspicious activity, citing a desire to protect the industry in the future.

“We have never been through this before – we’ve never had a breach like this,” said Norton. “The system was attacked in a fairly sophisticated way. It was unfortunate that we did not know about it until Feb. 27.”

“We have taken aggressive steps to augment our network security capabilities” stated Ronald C. Hodge, Hannaford president and CEO in a statement Monday. “Hannaford doesn’t collect, know or keep any personally identifiable customer information from transactions.”

In an attempt to guard against future breaches Hannaford is increasing monitoring of its transactions and working with law enforcement and forensic technology experts to understand what occurred.

“Our customers are precious to us and we’re incredibly regretful that this happened. It’s certainly not the fault of anyone at the Waltham store,” said Norton.

“We have confidence that [the breach] is now contained.” Norton then added, “but we still have to understand things in greater depth.”