Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Hannaford Data Breach Blamed On Malware: Page 2 of 4

The breach occurred between Dec. 7 and March 10. Hannaford Bros. said it detected the breach on Feb. 27.

Coakley last month urged consumers who made a purchase at Hannaford stores during this period to watch out for unauthorized use of their credit or debit card numbers and to take steps to safeguard their personal information.

While Hannaford has acknowledged that up to 4.2 million credit and debit card numbers were compromised, it said there's no evidence to indicate that cardholder names and addresses were stolen. The company has said it continues to investigate the incident. The Secret Service is conducting its own investigation.

"In this case, it looks like the hackers exploited the weakest link," said Chris Andrew, VP of security technology at Lumension, a security management company.

Slavik Markovich, CTO of database security company Sentrigo, observes that the attack is unusual in that the thieves attacked the endpoints of the network, rather than accessing the endpoints to reach a central data repository. He said he believes the attack was specially crafted to affect Hannaford's systems.