It turns out malware somehow found its way onto a Maine-based supermarket chain's servers, which led to the security breach announced earlier this month compromising up to 4.2 million credit cards.
Citing a letter the Hannaford grocer sent to Massachusetts regulators, The Boston Globe on Friday reported that the malicious software intercepted data from customers as they paid with plastic at checkout counters and sent data overseas.
The malware was installed on computer servers at each of the 300-some stores operated by Hannaford and its partners, the Globe reported.
The company is continuing its investigation into how the malware may have been placed on the servers. The Secret Service, meanwhile, is conducting its own investigation.
The breach appears to be one of the first in which credit card numbers were stolen while the information was in transit, or at the point of sale. One of a growing number of sophisticated attacks, it illustrates vulnerabilities in the communication between cash registers and branch servers, as Neal Krawetz of Hacker Factor Solutions has warned in research (PDF).
That mode contrasts with attacks on databases, the method used to compromise 45.7 million accounts over a two-year period in a data breach of customer records at TJX Companies, the operator of T.J. Maxx and Marshalls retail chains.
Andrew Conry of InformationWeek adds that Hannaford, in addition to the breach, has two related class action lawsuits on its hands alleging negligence in maintaining customer security. And he suggests that there might be some truth to the claims, noting that Hannaford should have noticed that "internal servers were transmitting outside the network to a strange IP. This should've raised flags somewhere--server logs, IDS logs, firewall logs."
I'll second Conry's conclusion: "In any case, the whole mess should be very instructional to retailers everywhere," particularly in light of Friday's news of attacks on top Web sites like USAToday.com, Target.com, ABCNews.com, Walmart.com, and of a data breach at Antioch University in Ohio.
A Maine-based supermarket chain on Monday reported a data intrusion into its computer network that has put some 4.2 million customer credit and debit card accounts at risk, according to the company and press accounts.
No personal information, such as names or addresses, was accessed, said Ronald Hodge, chief executive of Hannaford Bros. in a letter apologizing to customers. "The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization," he said.
Hodge added that the intrusion affected customers at Hannaford stores, Sweetbay stores in Florida and certain independently owned retail locations in the Northeast that carry Hannaford products. "We sincerely regret this intrusion into our systems, which we believe, are among the strongest in the industry," he wrote.
Of the credit card accounts exposed, 1,800 cases have been reported so far, the Associated Press reported, citing a Hannaford executive. The data breach began on December 7 and wasn't contained until March 10, the same executive told the AP. Hodge said Hannaford is cooperating with credit and debit card issuers to ensure affected customers are protected. The company is working with law enforcement to help identify those responsible.
The breach of 4.2 million accounts is significant, but nothing compared with the 45.7 million accounts compromised over a two-year period in a data breach of customer records at TJX Companies, the operator of T.J. Maxx and Marshalls retail chains.
Online trading company TD Ameritrade alerted more than 6 million customers Friday that a security breach occurred with its client information database.
The database contained such sensitive information as clients' names, Social Security numbers, dates of birth, addresses, phone numbers and trading activity.
Ameritrade, however, stressed that it has no evidence that Social Security numbers and client demographics, such as birth dates and trading activity information, were retrieved or used to commit identity theft. The company also notes that Ameritrade's user log-ins and passwords were not part of the database.
The discovery was made a couple of weeks ago, when the online broker learned that investment-related spam had infiltrated the broker's system. The malicious code allowed a hacker to access some of the information stored in the database.
A TD Ameritrade spokeswoman declined to give further details of the security breach, noting that the investigation is still ongoing.
But one security expert said it could have happened one of two ways.
"There are only two different ways this could have happened. There was either a vulnerability with their Web site and it was hacked, or someone internally gained access with a Trojan horse," said Graham Cluley, senior technology consultant at Sophos.
He warned that Ameritrade clients should be on the lookout for phishing attempts, which try to steal users' log-ins and passwords by lulling them into believing the e-mail is being sent by the online broker.
Hackers may also try to use the information to run a pump-and-dump scheme, in which certain stocks are touted to clients, driving up the stock price before the attackers dump the stock.
Ameritrade said it hired ID Analytics to conduct a forensics test to ascertain what information, if any, has been compromised. It has also posted more information on its Web site.