Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
Hannaford sued over data breach
Published: 2008-03-20

At least two class-action lawsuits have targeted Hannaford Bros., the grocery store chain that announced this week that millions of credit- and debit-card numbers were stolen by data thieves.

While details of the theft are still sketchy, a Philadelphia-based law firm announced on Wednesday that it had been retained as part of a class-action lawsuit against the Maine company, which owns 165 Hannaford grocery stores in New England and New York, and 106 Sweetbay stores in Florida. A second lawsuit was reportedly filed in district court in Bangor, Maine, on behalf of a Maine woman.

Hannaford Bros. announced on Monday that a compromise of its transaction processing network had resulted in the theft 4.2 million credit- and debit-card account numbers. The announcement came after Visa and MasterCard warned banks in the northeast United States that a breach at "a major retailer" put customer card data at risk.

"Hannaford was first made aware of suspicious credit card activity on Feb. 27, and immediately initiated a comprehensive investigation with the assistance of leading computer security experts," the company said in a statement released earlier this week.

Credit-card companies contacted at least 60 banks in Massachusetts alone to warn of the break-in, but did not name the retailer in their communications with the various financial firms. The data breach may hit the region's banks harder than the larger breach at retail giant TJX Companies because its impact has been local, the Maine Credit Union League said on Tuesday.

"Because the compromise occurred at a major Maine retailer that so many Maine people use on a regular basis, the impact and cost of this compromise will be significantly higher than the TJX compromise last year," Rebekah Higgins, card-services manager at Synergent, the service subsidiary of the Maine Credit Union League, said in a statement.

In 2007, the total number of credit and debit accounts put at risk by data breaches reported reached an all-time high. A year ago, retail giant TJX Companies announced that online thieves had stolen at least 46.5 million records in a compromise of its systems that had lasted nearly 18 months. The size of the breach reached more than 94 million, according to testimony given by Visa and Mastercard executives in August. New England banks had sued TJX to recover the costs of replacing customers' cards put at risk by the breach.

The banks and retailer settled in December, with the retailer promising to dole out a total of $41 million to any banks affected by the breach.

If you have tips or insights on this topic, please contact SecurityFocus.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:


Privacy Statement
Copyright 2009, SecurityFocus