Supermarket data breach still unsolved

More than 4 million customer accounts exposed to fraud

	More than 4 million customer accounts at grocery stores in the Northeast and Florida were exposed to fraud. Hannaford Bros. Co. doesn't yet know how the breach occurred.
Shawn Patrick Ouellette / AP

MSN Tech and Gadgets

Most overrated and underrated tech

10 hot Web redesigns of 2008

From Paper to PDA: Organize your life

Most popular

• Most viewed

• Top rated

• Most e-mailed

McCain has 3 weeks to reverse Obama lead

Step-on scanner lets air travelers keep shoes on

States warned about impending mortgage crisis

Man accused of tucking 6 lobsters into his pants

Plan pushed for government to buy bank stocks

Most viewed on msnbc.com

RSS feeds on msnbc.com

Add these headlines to your news reader

Security

Learn more about RSS

By Clarke Canfield

updated 7:15 p.m. ET March 18, 2008

PORTLAND, Maine - It was during the card approval process that more than 4 million customer accounts at grocery stores in the Northeast and Florida were exposed to fraud, even though the company meets the latest standards for data security, a spokeswoman said Tuesday.

Hannaford Bros. Co. doesn't yet know how the breach — which began Dec. 7 and ended March 10 — occurred, said Carol Eleazer, vice president of marketing for Hannaford, based in Scarborough.

About 4.2 million credit and debit card numbers were exposed and at least 1,800 stolen during the seconds it takes for that information to travel to credit card companies for approval after customers swiped their cards in checkout-line machines, Eleazer said.

Story continues below ↓

On Tuesday, many customers were not yet aware of the problem. Others who'd read or heard about it didn't seem alarmed.

Shopper Mary Kellett said she'll continue to shop at Hannaford — and use her credit card. She'll also be more vigilant checking her card statements.

"Nobody's really found a perfect a way to prevent this," she said as she loaded bags of groceries into her car in a Hannaford parking lot in Portland. "But I'm still here shopping today."

It's virtually impossible to make credit card transactions 100 percent secure, even if companies use state-of-the-art technology and accepted security practices, said Avishai Wool, chief technical officer at AlgoSec, a computer network security company in Reston, Va.

"That's like asking if you can have a 100-percent secure home that cannot be broken into," Wool said. "I don't think you can. If the bad guys spend enough money and have the appropriate equipment, they can go through anything."

The breach affects all 165 Hannaford stores in New England and New York, 106 Sweetbay stores in Florida and a smaller number of independent stores in the Northeast that sell Hannaford products. Hannaford and Sweetbay are owned by the Belgian supermarket chain Delhaize America.

Click for related content

Breach exposes 4.2 million credit, debit cards
Red Tape: Another data leak, another mystery
Hacker breached data at Harvard University
Which firms have the most ID theft victims?
Red Tape: Friends, family, and ID thieves plans

The Hannaford case is among the largest security breaches on record but is still much smaller than the tens of millions of credit cards that were exposed at TJX Cos. of Framingham, Mass., which has 2,500 stores and includes the T.J. Maxx and Marshalls chains.

Hannaford stores, Eleazer said, do not use wireless systems, which are believed to have been the entry points for other recent large-scale data thefts at retailers, including the TJX case.

CONTINUED : "You have to think of this as an arms race ..."

1 | 2 | Next >