East Coast supermarket chain Hannaford Bros. Co. said Monday that its network was broken into and customer credit and debit card numbers were stolen.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
The Associated Press reported that company officials said the breach exposed 4.2 million credit and debit cards and led to 1,800 cases of fraud.
In a statement on the company’s website, Hannaford CEO Ron Hodge said the stolen data was limited to credit and debit card numbers and expiration dates; no personal data was accessed. The card numbers were stolen from Hannaford’s computer systems during transmission of card authorization.
The breach affected Hannaford stores in New England and New York, Sweetbay stores in Florida and some independently-owned retail locations in the Northeast that carry Hannaford products. Hannaford discovered the intrusion on Feb. 27 and alerted law enforcement officials.
The company advised customers that made purchases at its stores using credit and debit cards over the last three months, and who suspect their accounts may have been compromised, to immediately notify their card issuer or bank.
In his statement, Hodge said Hannaford “doesn’t collect, know or keep any personally identifiable customer information from transactions.” He added, “We sincerely regret this intrusion into our systems, which we believe, are among the strongest in the industry.”
Meanwhile, the Massachusetts Bankers Association said in a statement Monday that Visa and MasterCard have notified 60 to 70 banks in Massachusetts about a large data breach involving what the card companies would only describe as a major retailer.
The MBA estimates that “hundreds of thousands” of credit and debit cards owned by consumers in Massachusetts and northern New England states could be affected, and urged consumers to monitor their accounts. The association said it has been in discussions with the card companies and pursuing legislative alternatives that would require that the name of the retailer involved in a breach be released.