Hannaford to add encryption, bolster systems in wake of breach

Ron Hodge, the grocer's president and CEO, said the company would spend millions to align the company's security processes with the ISO 27001 security standard.


Hannaford Bros. Co. said this week that it intends to deploy a broad range of security technologies, including new intrusion-prevention systems and encryption to protect credit card data during a transaction.

Hannaford data breach:
Hannaford breach illustrates dangerous compliance mentality: As Executive Editor Dennis Fisher explains, the Hannaford supermarket breach illustrates how too much emphasis on compliance puts critical data at risk.

Hannaford breach details indicate inside job: The fact that so many servers were compromised with malware suggests a trusted user on the inside engineered the data breach at Hannaford's, experts say.

Hannaford breach highlights messaging system struggles: The messaging system connecting Hannaford's complex systems could have provided the hole necessary to install malware onto the grocer's systems, an expert says.

Hannaford breach illustrates need to have a survival plan: The Hannaford Bros. Co. supermarket chain is the latest company to suffer a data breach. It illustrates the need for companies to have a survival plan tucked away, experts say.

Misconfiguration issues could have contributed to Hannaford breach: Hannaford takes heat from officials who believe the supermarket chain was slow in disclosing its breach. Meanwhile, one of Hannaford's security vendors gets defensive.

The Scarborough, Maine-based company said it plans to bolster its systems in the wake of a data breach in which 4.2 million credit and debit card numbers were stolen from its systems. The intrusion took place between Dec. 7 and March 10.

Ron Hodge, the grocer's president and CEO, and Bill Homa, its CIO, said the company's systems were compliant with the PCI Data Security Standards (PCI DSS), but the standards offer little coverage of consumer data in motion during credit card transactions processed at nearly 300 stores.

Homa said the company signed a managed security services deal with IBM to conduct 24-hour network monitoring. The goal, Homa said, is to align the company's security processes with the ISO 27001 security standard.

In addition, the company is working with General Dynamics, Cisco Systems and Microsoft to upgrade and replace affected systems. New PIN pads with encryption capabilities will also be installed. In all, Hodge said the company would spend millions of dollars in the upgrade program.

Investigators are still trying to figure out how attackers placed malware on the Hannaford servers to silently sniff the data while it was in motion.

Experts say the breach serves as an important lesson that it's just as important to limit the network access of employees and regularly monitor system activity as it is to purchase security technology to block attacks from the outside. The messaging system connecting Hannaford's complex systems could have provided the hole necessary to install malware onto the grocer's systems.
