|
|
|
e-News
|
|
Hannaford scrutinized for untimely disclosure of data leak, class action lawsuits filed |
03.21.2008
|
SCARBOROUGH, Maine--Hannaford Bros. here is feeling the heat from Massachusetts officials who said the grocery chain waited too long to inform them about a security breach of its computer system that exposed 4.2 million customer credit and debit card numbers and has led to approximately 1,800 known cases of fraud to date.
In a statement released March 17, Hannaford said it became aware of the breach--that occurred during the card authorization transmission process--Feb. 27. The Boston Globe reported March 19 that Massachusetts officials warned Hannaford that state law requires companies to notify authorities "as soon as practicable and without unreasonable delay." As of March 18, the consumer affairs office had not received official notification of the breach, according to The Globe. Other states, including Maine, New York and Vermont, have similar laws.
STORY CONTINUES BELOWAdvertisement
The initial breach is believed to have taken place in December. On March 17, Massachusetts Bankers Association released a statement saying Visa and MasterCard had notified 60 to 70 banks in Massachusetts about a large data breach at a major retailer that occurred between Dec. 7 and March 10. Hannaford came forward with its statement shortly after this information was made public, reported The Globe.
Consumers are also bearing down on the grocery chain about the incident. Two class action lawsuits were filed March 19 in Portland and Bangor on behalf of consumers whose credit and debit card numbers were compromised, according to the Associated Press.
All 165 Hannaford stores in New England and New York, as well as 106 Sweetbay stores in Florida and some independent grocery stores in the Northeast that sell Hannaford products were affected. The Delhaize Group of Brussels, Belgium, owns both companies.
"We have taken aggressive steps to augment our network security capabilities," said Ronald Hodge, Hannaford president and CEO, in the statement. "Hannaford doesn't collect, know or keep any personally identifiable customer information from transactions."
This incident isn't the first security breach at a major retailer. Last year up to 100 million card numbers were stolen from Framingham, Mass., retailer TJX Cos. Unlike TJX, which was faulted for lax security, Hannaford updated its credit card system last spring to meet industry standards, according to The Globe.
Hodge posted a statement on Hannaford's Web site, www.hannaford.com, apologizing to customers for the inconvenience. "We realize this incident may raise concerns and questions for our customers, and we sincerely regret any inconvenience this attack on our system may cause you," the statement said. Notification of the breach is also posted on the Sweetbay Web site, www.sweetbaysupermarket.com
|
|
|
|
|
|
|
|
|
