Hannaford is the second New England company to disclose a major security breach in the past year. In 2007, Framingham-based TJX Companies Inc. said thieves potentially gained access to tens of millions of customers’ credit- and debit-card data over a four-year period - possibly the largest such lapse ever.
Hannaford, which has some two dozen Massachusetts stores, said the breach began Dec. 7 and continued until March 10. Anyone who used a credit or debit card during that period at the chain’s 165 New England and New York stores or 106 Sweetbay outlets in Florida faces potential problems.
So do customers who shopped at an undisclosed number of small grocers that stock Hannaford products. “We sincerely regret this intrusion into our systems, which we believe are among the strongest in the industry,” CEO Ron Hodge said in an open letter posted on the Maine-based chain’s Web site. However, Hannaford admitted that it first learned of the security breach nearly three weeks ago. Paul Stephens of the Privacy Rights Clearinghouse said such a delay in disclosing the problem “puts consumers in a difficult position, because they have no way of knowing whether their accounts may have been impacted or not.” But Hannaford Vice President Carol Eleazer defended her firm’s actions, saying the chain “moved with all deliberate speed to get out to customers with information that we could have confidence in.
” Hannaford added that the breach only involved credit- and debit-card numbers, not customers’ names, addresses or phone numbers. Still, the chain urged all customers to carefully check account statements and report any suspicious activity to their banks. The Massachusetts Bankers Association also recommended that shoppers watch out for calls or e-mails purporting to come from banks seeking to “verify” personal information to “protect” customer accounts. The U.S. Secret Service, whose enforcement duties include electronic crimes, confirmed that it’s investigating the case, but declined to provide details.
Home
»
Privacy Rights Clearinghouse
» Hannaford said that the breach only involved credit- and debit-card numbers, not customers’ names, addresses or phone numbers
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment