Technology Trends Alert: Hannaford Hacked
The Hannaford data breach goes to show retailers that PCI Compliance is not an invincible shield, and even systems managed by one of the industry’s top c.i.o.s can fall prey to a determined hacker. Indeed, the incident, which was caused by a data intrusion into Hannaford's network, has led retail and technology experts to question the validity of the data security standards.
The breach, which took place between Dec. 7 and March 10, affected all 165 Hannaford stores, as well as 106 Sweetbay Supermarket stores in Florida, a sister Delhaize chain; and certain independent operators that sell Hannaford items.
At least 1,800 cases of fraud have come to light as a result of the breach, which was caused by malware secretly installed on its servers. The grocer has become the target of several class actions filed on behalf of consumers. This is one area where being PCI-compliant will help, as it supports the argument that Hannaford wasn’t negligent, much the same way that a retailer that can demonstrate a regular maintenance and cleaning schedule will seldom lose a slip and fall case.
The Payment Card Industry Data Security Standard was put in place by major credit card brands to make sure retailers take sufficient steps to protect customers' financial data. Mandated by major card brands including Visa, MasterCard, American Express, and JPMorgan Chase, it requires merchants to implement 12 account-protection mechanisms, including encryption, vulnerability scans, and the use of firewalls and antivirus software.
Hannaford customers demonstrated mixed reactions to the breach. Reader reactions in comments on the Maine Today Web site were mixed, with some locals loyally taking the company's side, and others accusing it of performing poorly both in terms of security and post-incident public relations.
"I'll stick with Hannaford," noted one commenter. "It could have happened to any company."
Identity theft facts:
- The 2006 victim population was at 15 million. That means every minute about 28.5 people become a new victim of this crime, or a new victim is added in just over two seconds.
- The top states in terms of victims per capita are: New York, California, Nevada, Arizona, Washington, and Texas. The Id Analytics study 2007 includes Hawaii, Illinois, Oregon, and Michigan. The FTC 2006 report includes Florida, Georgia, and Colorado.
Source: The Identity Theft Resource Center
Related Stories from Progressive Grocer Online:
Hannaford's Apology on Data Breach Hits Stores