|
|
|
Hannaford Looks for Answers After Breach
By: Dan Berthiaume
2008-03-18
Article Rating: / 9
There are 6 user comments on this Network Security & Hardware story.
An analyst says that it will be important to find out whether the supermarket chain was PCI-compliant.In the wake of a security breach involving the theft of more than 2,000
credit card numbers, Hannaford Bros. officials March 18 worked to ease concerns
of customers who may have been victimized.
The supermarket chain, which is based in
Scarborough,
Maine, and runs stores in
New
England and
New York
as well as Sweetbay supermarkets in
Florida,
posted a letter
on its Web site from CEO Ron Hodge, saying that the companys systems are
among the most secure in the industry. Hodge also said that while credit and
debit card numbers and expiration dates were stolen, no personal
informationsuch as names and addresseswere taken.
Hodge said the data was illegally taken during the transmission of credit
card authorization.
However, the breach raises the question of what security measures were used
by Hannaford, and whether the retail chain was compliant with credit card data
security standards established by the Payment Card Industry (PCI) Security
Standards Council.
Hannaford, which has set up a special team to deal with the investigation of
and fallout from the breach, did not reply to a request for comment from eWEEK.
One analyst said it will be important to learn what security measures the
supermarket chain had in place.
Steve Rowen, an analyst with RSR Research, said that if Hannaford was
PCI-compliant during the time period the breach occurredofficials reportedly
have said they discovered the breach Feb. 27it could have implications for
data encryption in general and PCI standards in particular.
At first glance, it would appear that Hannaford is just another example of
a retailer who adopted the wait-and-see attitude typical of so many retailers
we've surveyed over the past years, Rowen said. But there are key
reasons to believe that the Hannaford breach was different. Hannaford
CEO Ron Hodges
statement included the perfunctory mention that the company believed its
protection methods to be strong.
Rowen pointed to news reports in the Boston Globe indicating that Hannaford
was compliant with key industry standards, which he said further raises the
question of whether Hannaford did comply with PCI standards.
If that does, indeed, prove true, this breach could take on an entirely
different meaning for the retail industry, he said.
Glenn Boyet, director of marketing and communications for the PCI Security
Standards Council, said the council sets standards but does not certify or
track companies to ensure compliance.
Research shows that SMBs are consistently putting out security fires. Read more here.
A spokesperson for credit card issuer MasterCard said MasterCard monitors
PCI compliance based on regular reports from acquiring bank customers but does
not publicly comment on the reports or comment on compliance status.
Rowen said PCI compliance is simply evidence that retailers are using
business tools to protect customer information, but that by itself is not enough
to guarantee against security breaches like the one at Hannaford.
It will likely be some time before we find out, but Hannaford may well be
the first of the good guys taking a proactive customer data security stance
to be truly victimized, Rowen said.
In his letter, Hodge said Hannaford is working with card issuers to ensure
those customers impacted are protected.
We also alerted law enforcement authorities and are working closely with
them to help identify those responsible, he said. We realize this incident
may raise concerns and questions for our customers, and we sincerely regret any
inconvenience this attack on our system may cause you.
Dan Berthiaume covers the retail space for eWEEK. For more industry news,
check out eWEEK.coms Retail Site.
 |
|
|
�������x}is㶲*�Qމg5ER-uƶ�K3>zU*$�CR^wr�_7�nZ(dr8�[��ݍFλ�$i9cr3ݩk��j.w߽�!d[f8i�TE[�]ߤ~�Am;t� =4mFNHB��~}@~sf*w��D!H/�ԎT�a@]2x�6;k:&o4veki cߨ_�[&``1\�|T@!j��:iݑ |i @I>b(áh]
](
Ѽ��e�MGQR`N
Cw*�?�,
L%h���G�Qe�͟a�adw^x/4�;U'i�?��Sա(v�2%vk>6^:�6
�FȅC�z$nRvn7o\ 2�5I2�C[��0,�HmfCcW`pmׇɩVsTq3#}j�ݷt{�#�ԷF:S��S�C3Mu��N_CԿ(K�8VR#/�y�
y��>z u<-��YV5�^q;ݙc�oE-2GlR� =�y7`BaC�J&5\_�-E&>�5
ؗ�Y͢`E3l˸-:4
PS+}(Z�E}`[¥;ho>;W)EsvU !��mݹ��Wඒ�k%m�s|uO}~N�6ox�9vtx/ȯ0wFD_j��QEVKi�/LZH���?.'N{���] x�Z�j/4E;J
KHS�Ә=
(����N,#�uG�Ҿ췯;6鷏ώ;S$oIJ1<�ZMӀ�H�Z�zd�!=Y�
ӓKIGNs!)|vg>!5MP\̱¬8ڪV�W`Ck'^�SQ?�&�:aZ+}I-IM&!Ժxt9&�IoJDz|?!<_��C��J�ݖe�L_*X_��K�j�,�o�0H�ˤdL2X��c��]NМYu
�U M�Z!RB:A`�̺k��R�$9�(�8ȟ"�i�8�@r5�YSl� �\揇o4'M3XE�U��>hi,A[��]O+&o�#>��yfR�B(&�PHQ��&&�TR]y6a�PY<8z�uwܬ-�e j4ޙϳ~<Ҳ[wqnUO�^
K�/364>h�.B2iK1qKꛫZkTd~Xʾ��U�q+-Aqb2B��c�=&M:gvX�Y8�����;}JwSjZic;N*5b}4>'AGA�ti�š4ϬP7&��hC:}ҍ;LZ ���N{ݧHo]>':� }!PI�H�)
FA��=H:]6�ZЉ\?c
V�CB뎂:�{�ښB�"(QޒС4�мa���y�j =�*~3`�=g��{`����tև
*��SsfPB��XBӽB61 �}wʠ:�F'(Y
nU]ޖK{xN(�}U)�4�I
�̇J�>5nU�AJ��1�t�ϏE=kb�$~��
,D,D�,
%*cΫ(ˬܲPӔ�f,�K1.�I�/�t�P܊�&)9Aw
���Es袝FĿ\;ͪrK`YU{-VWv/>:A']ֹ�P+=o�@�yC� h{��m+aԥ �/
E�AndZ:�X>}iH^$ôWRo?M�tv:�KF�5��&��/UKW+@�dy#kzESڡWr9{�vn
g&�A�pG�Nݔ: I�Jlx
|���UKߵA)"==r3CN�:1�8<=^Rj�&n \�4+ˀ9\GUmRPb|�F�ȸi�BqmX@XR@G�=�\�K~zo,�i{qOٕ.[R\�|zn� X�Z�Q��>*Ϩfl:l���
}ݛt�ļZA_`՚
ԯ'jE)j4�`�/#[ݵ�A
;rm۽�sD~,-CZ!�3����npj
Z�*L�"�AqA049?\v�g�;fcFm�OYвNu6$�T^.)J5E��` N �2&8Ћh��s)7lj)OP?�(<�Z^"���h
��Zf!�1@:;Jp qSՊ�a�Q��VI
9dDfbNg��0k&*�w�V�*)<�+uP5Vu
2�\E����̓Oi�*r1��?�M=�[LFzɶ0'{h'�? ��Yo�:akAyʧ"Bd+�~5o՝�sNC7E$�9`ܘ��GpXH/ow�6��$pXkSZRQ�hu@VI �3YˡYF 3_6^u,
ς2zc_7)~l$\EC>km�{~B�\TT�Y\^�CU\+Ԋ�/YXIIKɜ]A�р-\v8�+ps)p�/O A'GZM%XR~4wi#y/&!��hs�{g OL2zf�[Ҧ&4Ɲ.W �1Tcf?¾eFq�a5צLDt@�j:,��U)�OLKZ^$lp���y��E4q{i7L5Luf`���$ŝӚwr� >J�͆Rie�mR��ߑN\X c��($jA�ç{,t�2jUk7��ʠ��ˤ�ZDZvV
��&,c
\9x���
"�_�I�kL2x0O
/V*UYqALoxqNL�^\}ۅ^?hueaj��cE6��kJ�~��Zg�^��t=lvD2�m;?RTn:'�R1i/.:�v ��N�:N��!9kwޟ��{={q /*�}U\y@*�6-�_w?^H6�tȁYM $ȅ��X����CfOճ2urҹ|/]:lQy�9p0\��!=ШQ^�8�K%y_;$˶u�߽��9$x�!;/�Xx��G]9>oOM1+&03hĜ<⑩�!�g`B�V��T8I��\y]s:TzF_js9ψa�a�&ꏝ%G0
Z�`!�灙�ސ{PVC (ʡ�=`����` ɈN9̝�cϻA��BL0B�_�XH�!)�$je�+H;i�w[(�6[�F_�ѫ�ٿ�y�~YVST
�t6~O��0bIb^Kf+ƭԓN:H|�I�NN��>os_,DChpF�Qxc�|o}�A\d~j_��eԉ)%R�\
'��{6-~=w`��Rv��G�P2)\z�ґ*IZ[Ű˼
ݖ6`�9s2)�Mz.�p�+|Li+'iZVӼ�6X(��4%�4TNҌO�CYB*d=7'�һj]npV�Pto6+Ps~붱��yt3"iE1�e(5�~u�-�H�>bG�-�5�*vZZFZv*�?v�Ƈ�)� L8�)X�zH0PH�倜�b}~YU߯I;u,t#�(���:#7�N��vʌW!��`(��v�,F�f-�w�3llyRеltd@T7&�Mx���ZG9�Ϟ16q�IАYc=ty8!�-[^:ݷ͆2ߓ�̆{Jǻoc Ǯv'ۻw�};q*ApC<�,�F&c:��I"�IQU֭��EdU)I=Y)ėƓ�;�ݏLF�xL_/@�oFҁ��&-3���3F-߸2}K#�7�}{�E"�cO�4v�7
]ekw}B!u\6Km܊ȥ�9s\�5"�nx*Z$|>Ok�d�" h6vo"D`"s�ME[o<ק{cej7X#S�OR1\jc|Syg�ld����a���зZ)#�)$ƙ�a
d�Jփ�6ˎ˷Fp7�.
f_�!O�#%�JJ
,�-Q`mZ��9_�Ъ ŵQ`Z���Ǵ�/qFԱ�Qo*_��2$;l�ߔƂ1f̙�ʈ1WcZ*�|e�b�ƒK0K,BH|�pN7LV&S~q*���wC_ƭ�E+.q�h&pb�ow�x7m r`f[w!rtV>֧ld�Qj%$ɻb
]-Q
��хလ4 ,Tv�N�:��(�]7
]n6_�pR}
�uR{z8QUQ fx
oD7%֘!��dwvOE۲Cׇj{|Ľ:�|"1�ͭ(p8{~0Y&�f^2df̆5' /FOF�?(�czDUH�3ʮ8H#!c�+n�=6((�䉟y��b[M¨�RĀe=I&O2 0gTGUy%=W'fo6�S�;G,%�d�H�3�|Z-�)0w{� 6({6 xZ11�Qxσ��@>s量B5i�2PI�ܵ9�I�)/
�\;]1�K(Y�Ģ|�c%8|��S&��K*:�/xUJ :4,גr�L�?Jd�]qs"�Ϯ*I�=ERaN$.m`tMj55u_k�VZ^?,W*ղR>4VFcN�Hi0.K���Oat/ɡ�:� �"���9
w�l&Z�AC#��F#�'7ty`�ᇐa9u�.z8eX,;87i\Ԕ�Jjµ_oƿ�6_�~�S -��$=Bٳ�E�`@Fk8�0OHJj>Id�}Ɋ$f$ B��&#[M,�U)c�$��H\U{0~ƾUXפ㎔X~A�%��;JXU�US
\Dd2{a8Me?a1��fs]�v9�6UI)IZm\�hO'��0=�3qt/�n0�֭i �H` /,� C��N71hs"�6aI�z5-Ex-rz�,E�z�"O-�%)�^JDXCcױ�%J,:hRTR°'5%GF!�AM1��W!h�qѭg_RjRIٔzʯ$M/Hxi>E��@QGj��B�n(������&��I'Je�0�!)Hh>��V'�,�ݡU;s�˖,t#%~fkZ\#cSmd��L8`��N�FWkQ'+6As�:M۔ު/LƸj?x
�#5��[rj��p�Pp^�E= 1`�Go4p,#3�g(�<�%ߊ,kee_|^۶1-5
u�7���JC �
u�aA:fb��C�$�PU?c=~!%K�|j-�䦺rw4vƚ,+,zHt?@I۬)iĸ"HR_ZʘZnHh/fW`��HЭ�/_oq0#il�~+UR4c{ȥ'7�!6�prk/5ݛ�/�\@قKH�:
�c"�ׇ1OD}�zTg`N`͍2~r_oFoFoFoFyFJV)}mF\�zȻ�=" ćaڼg6�o*b}�&/[FWA�O-t7�msr-�t< �DP�OAm{n\Ѓ�U(|X\ҋ
zFi_:t@>t�o
̥N?!�ݿԛwq5�v u*WZ.gV2K�זmTEW�Ѹ-&6%(xu\&W$^(*)�m�gp�
177,�2}e��Qr�ͨ.]�j2VO9I�67G�,x |@�Wk�ޗn7U9*i눾ӧ=jx~1olMJ}iԪozϘsP1 ZiD�kv/No뛋{,��>J�cO@�1,�j_gÇ^%5oMP5us=Pw&�.}'M�8%ыǕ{[xp=sZ��"0���w�mYoGK3I"{A۴Vx{�7i�``�W۰8ư<�ϊCl5>my�mum-6ө{G�e�X -_ߩ8#']V�Am�Aȼ#K�ԬD5VfX�*j%"Q0Mw )┱fai����93?�KI5P�/"J���)z��tM;G{AZjsZ��'�ds^"6��|�e'y�Z=_�'7`�>C��S&p6�]}�r�Ec�?bTlܝ�6��=B\ﲳ9n
P^{Fʼn�ܳEHQn){Z}O�lmg,�W+H�,�k V�@dzgc 0�}�nC$Ɩ��[?_+�V?�qыʟ�*�nO2�u�jStg
f4j���Su&ߞyF[ꏩWD#?
MD)`G%|�B~뇺��~�ϒME8/X���dR(�dB�H��5�Ϲ�{/P�xdt�$/&'RD=?eO|#�~U13ʑmO�d�PM�# w䏹L/o�.Hf�VM
,�aD��G<�G#0k�~'~LЍ_"j\x]7�Js�0wUĤ�A�҂�B<콧w�ĨW�5-��lV/ժڽ�E=4!Cu_�ZהV/�eE�X��0
F0�9Ծ|y`dgҧ9E2jɣv#/'#wRʥz53ۏe�Va�*ze
ЃoM)�,+G�
*��&�Vc�ۀN��cۡWǪ%chٱZ"I�J>�(w(<� +^Q�$�V c,�x{:9]�:u_a��i*pM[d{=�<�HH�Y�#/7�3#�=F�ZYrRGO9\d3-nVTm}yV9�f$d0|N'�G`;IX"(���Iϣ23?b)o*,}�W0ja`�gŚx9�
1غ@u1Q]�3ZMqh�e״�B;�Y�@6F|1E�C)$G �E
T��Ѝ�B9O͒;I�P}3Y?d=a��'2u?|{q�BJ�=L�~C���+��W4�'mBl�BϦ!�ו�o5aT0�|LѭAnlxUk{VyKb;{�����̊(HKt4*:�>m;={LfRO��a��/'gL�N�CRY`O�i${�M�1M@4]qY�Ec�`�K!(f꜓M{ha�Ȑ_~tg(-$=>�mGT�/ 0G>z4x#n�Oc`�\CR)@vqY�k�(a#ne5�%�!��_Mx�
:�LZP4eϷF}+E4Du2�t0��82|*%�0��cH5
x�E��? �nrn[ք�ᑰ��5"t�
B�[�w��II!aJ�y 1�[�SӖ�{(tӽ�\16Faŷ^�(l8*~vxcF>b|�>G+=`qY�W@t�Rʝ�(b��E�d�7�@��45���!\�z%%n4Wp=9��Ǜ��{JÉ���:�aw�w.Bt?揣Oðq?S��Wہ@V�pRt=��:rtԨ)ʞ*|g�C�`�g�scq
S��2S¤vt-\/@�<�P�t4'�/��v7,X�zob� �A��@�p)4f՚RR"`@)5C�[TU|.A@gyݬf/���ziJd�R
��?h�$@F쎆=d2=���fڟ�4BuuuvI^ۤw|ݹw}kO֒E�_gn՝es/4O-�Vbv>4mKL�xe$AN/[�m(NT3\H�^Dǒ�<�^;KwE�Geq~�^ �LIwk0%lyї�5�1.o&,l+�C*=�vc+)�txu;�_-�fy�P|CHoAK�e>4
5�+U�o��E�
)n}>eЌTj^+U_m�9�9B9א:�B~7'�):�pp?�quY<�|_'h\C;9+4?r?C�<�>v͋_�_�^�s��E/>/r�">G/s ?AYN? �9��{3?9s w3]7]?��͑/W@�W9q�r_�\O�����诟CB?W�C_ S^>S>�>�o~or�ڿi�&k$C�nN�pr+Q�T /׀a�uy�9@~�N͡*lcr\-�䌿
{�9;k?�v'}и�CJW\/�̙YmcLkl�R@PU?�{Ь`�]!=eD)��s җe.m� �`$qt�3��W]�x6p۪c�<���#p+ct
Kk>4�珶xwY.-�j.9���m(!�9q}2�o�pفOj]��%�Os�WY�n-��aPC3C_o��@/kOx�g
v>赏?^wYj7@�i__�Wm̦�daCe�GӰ�XS/�US
!Pi0��p=s?аs�3R_
N+u76��A�́a[@ �o6eM+5VkZpwrHi3="AO�
�]�1EƋ��æᄽJ/���$`
�}3w�Psg~�q=u]
YN�5,�XA0{�}@ņ�jib�J=�}p�)\;�l�=�2qg�&?8MqkI�D;�o0m&Z=*ȁJ=C��C*w,#�[L�>4=�|#��v�.LyUz~u;�(8��,^bYđE
���&�`XC��,k'l�yjb+u_
9@��˲D`ȼ!'9CRhfnX?w/�bCŐt��ǒB3X�7���b'mtR�-@OZMX�v;n\x�#0�a,9�COi3 &�1icЁu$|�
�$G3x7X05:�9�xm��g-17e6M6 �F�@mCrOWO%
�G'ޣf���uK6baﲮnG�\TEK5 X =c>X>؛^�&2�|1'#_K�wRax�z222~)L��nb�[>/I>�{U�{B����eOV,|v�/�H ^B)�;-��C%�uo��cOai�l@��咄 XV䁝'� A'|NbOh-xYe7gM�$rq�=}�M �{i�V��SVT"E�m�u;WdԦuP#vHϵg�9e� �7G.�
U1^{�3�E3$(�z�O{ĠC)be h
km8p9o"se}�e ӧ/D��
o* aLu�&� nE!R9*�͆wAoL3[Y,�&���/ă_| Њ3ga��$�gArD~{J}&*P�=eٚ�;]�v,��/d-+2lХ�v��HyE_OD&M$|Cb1G$]t
""_R a�O�Km`N��B�`N:m�v89D@0a�vwj9'e.,s0ŴBSs��Y
Q�o~j]�O(#k��5�y`w`ghB�P�/RNy(s*>`H�A1D�K:ӗݜ����o|�8j�o.|4p�}�π XsCQ%7
�},7eVn� [��r@LEߟ�2~"�L�)\��Ԧ?M�Sw�)+S9,@Ƃ�<�rvד69qS�@Dvg˫Hvx56VsֈNa]�ۺKAў(Y�n0o6`��#]ǞG:K8~mA=be{,-U�rcxdKXf�:PmyX� o+Ѡ�Ǘ%�`/��9H,�]S\c�^)ZvA��1u��B�(a��4@L?U`ɟ=|TI�7(G,cմ�Q`[:*6
V�n�۲
U�yDM7(-˧�yݒa=r�+��c�b:ngFb�+�
�fχŀ-�n[_q�x�FF|�/�X�:˧t�c)�dt̄ea�ԐDZμ2;g'rQ\F$�#00/�y╔ul�+���m=GPX�1+ ���RG�Qf7}Oa�F*)Au�Ұ·�- xs�Wm��H"<-c{dqO�|�OxNž=�Kf}'s)VR,_X0�]<":+ 7�+��Sq�k?��)Z�ByڽK�RI>Q�}��v,~vu~mG a�28W<Ɠdߴ;�K�,�mݸG�ﯻ�/OHQ�e',��!�jt.ߧ�c=;`on73tg�>p7*@�Q,jUrz' l5mEgl(3��w'J^Qw�zg/ZROa6%s|M91KiK^^,�OL.ĉc�6lgLt�)�cRD[`l/Z6w?Cce*��
|
Network Security & Hardware 
