A large East Coast supermarket chain is the latest victim of a major notes breach, with as many as four million credit- and debit-card numbers exposed. Hannaford Bros., based in Maine, announced the “containment of a input intrusion into its computer network” that resulted in the theft of goods, but added that “no personal data, such as names and addresses, was accessed or obtained.” The company said it is “aware of fewer than 2,000 cases of reported scam related to that crime.”

Hannaford operates 165 stores along the East Coast and, under the name of Sweetbay Supermarket, another 106 stores in Florida. The company is owned by the Delhaize Group of Brussels, Belgium. plus affected by the breach are an unknown number of independent retailers in the Northeast that sell Hannaford products.

According to a statement from Hannaford, “data was illegally accessed from Hannaford’s computer systems during the card-authorization transmission process.” A statement from Hannaford CEO Ron Hodge

said that the stolen documents “was limited to credit- and debit-card numbers and expiration dates,” not names or addresses, and that the company “doesn’t know or keep any personally identifiable knowledge from customers.”

Attacks on notes in Transit

“What showed up here was a new trend where criminals are going after documents in transit, as opposed to notes at rest. I think everybody was caught off-guard by that,” Avivah Litan, a defense analyst for Gartner, told us.

Payment Card Industry standards from credit-card issuers mandate that retailers take protection measures such as protecting stored cardholder info and encrypting the transmission of details across open networks. Despite the breach, Litan said Hannaford could possibly have been in compliance with PCI standards.

“When you swipe a card, it should be encrypted immediately,” she said, but often it’s not until the notes gets to the cash register that encryption happens; in…

Orginal post by Top Tech News