Hannaford reports data breach involving 4.2 million accounts

PORTLAND, Maine Hannaford finds itself in the midst of a major security breach that has affected all 165 stores it operated in the Northeast, 106 Sweetbay stores in Florida and a small number of independent groceries that sell Hannaford products, according to the Associated Press. In all, over 4 million debit and credit card numbers were exposed, which led to 1,800 cases of fraud.

The numbers were stolen during the card authorization process. Hannaford became aware of the breach Feb. 27. Investigators later determined that the breach began on Dec. 7 and that it wasn’t put under control until March 10, according to Carol Eleazer, Hannaford’s vice president of marketing in Scarborough.

The U.S. Secret Service, whose duties include investigating electronic crimes such as data breaches, confirmed it’s investigating but declined to comment on the scope of the crime.

Bruce Spitzer, a spokesman for the Massachusetts Bankers Association, criticized the delay in public notification of the source of the breach.

“Visa and MasterCard have stipulated in their contracts with retailers that they will not divulge who the source is when a data breach occurs,” Spitzer said. “We’ve been engaged in a dialogue for a couple years now about changing this rule.... Without knowing who the retailer is that caused the breach, it’s hard for banks to conduct a good investigation on behalf of their consumers. And it’s a problem for consumers as well, because if they know which retailer is responsible, they can rule themselves out for being at risk if they don’t shop at that retailer.”

This breach is considered one of the biggest cases on record involving a retailer.