4.2 Million Exposed in Credit Breach
by Dahlia Marcano

On February 27, one the largest U.S. security breaches on record occurred in Hannaford Bros. Supermarkets, a large supermarket chain on the east coast.

According to Hannaford, credit and debit card numbers were stolen during the authorization process, causing a breach that reportedly led to 1,800 cases of fraud, along with the exposure of about 4.2 million debit and credit card account numbers. Areas affected consisted of the entire Northeast and Florida, as well as several other independent groceries selling Hannaford products.

No personal information of any sort, such as names or telephone numbers were revealed, just account numbers.

Although Hannaford had no detected the breach until February, investigators claim that the breach had started on December 7, meaning it went unnoticed for three months, until it was finally contained on March 10. Hannaford president and CEO Ronald C. Hodge stated, “We have taken aggressive steps to augment our network security capabilities. Hannaford doesn't collect, know, or keep any personal identifiable customer information from transactions.”

In addition to tighter security, Hannaford also advised all its customers that may have been affected by the breach to closely monitor their credit and debit card accounts and report any unknown transactions to the authorities.

The scale of the data breach was so extensive that the U.S. Secret Service joined the investigation but withheld any information, simply commenting, “The company did contact us, and we are investigating.” The vagueness of information on the matter was also shared by MasterCard and Visa, the two largest U.S. credit card associations, where MasterCard declined disclosure of additional details, and Visa simply never returned any probing calls.

On the upside, an attorney for the Marine Bankers Association Mark Walker, stated that very few reports of suspicious activity with credit and debit cards had been issued. However, many are still irritated and confused as to why the public is being kept in the dark about the source of the breach.

Bruce Spitzer, a spokesman for the Massachusetts Backers Association, argued, “Visa and MasterCard have stipulated in their contacts with retailers that they will not divulge who the source is when a data breach occurs. Without knowing who the retailer is that caused the breach, it's hard for banks to conduct a good investigation on behalf of their customers.”

In addition to outraged bank employees, consumers were also upset. San Diego based consumer Paul Stephens commented, “The delay in disclosure puts consumers in a difficult position because they have no way of knowing whether their accounts may have been impacted or not.” In Hannaford's defense, Carol Eleazer, one of Hannaford's vice presidents in marketing, retorted, “We moved all deliberate speed to get out to customers with information that we could have confidence in. This is a complex undertaking.”

Consumers sum up the issue with the popular notion that in the end, this type of crime ends up costing billions, and everyone will have to pay. Consumer advocate Eric Bourassa solemnly declared, “At the end of the day, as consumers, we all pay for it because we get that passed on to us in the form of higher costs for consumer goods and products.”

Although the breach was one of the largest to date, far fewer cards were exposed now than in the largest hack in 2005.

However, the dispute between consumers and the investigators raises the question of whether or not consumers are represented fairly and respectfully in such matters that ultimately affect them more than anyone else involved.