The theft of an estimated 4.2 million credit and debit card numbers from Hannaford Bros. grocery stores in the New England area appears to be the result of malware.
In a letter cited by The Boston Globe from Hannaford Bros. to Massachusetts Attorney General Martha Coakley and the state's Office of Consumer Affairs and Business Regulation, the company said that the data breach it disclosed on March 17 involved malicious software that was found on computer servers at about 300 of the company's stores.
The software reportedly intercepted credit card data during checkout and sent captured information overseas, according to the letter.
Carol Eleazer, VP of marketing for Hannaford Bros., confirmed that a letter had been sent to the Massachusetts attorney general and that the facts reported were essentially accurate. She noted that the fix deployed involved software, and not the replacement of hardware. "It was a software problem and it took a software fix," she said.
Eleazer had no further information to provide about the incident, citing ongoing law enforcement and internal forensic investigations.