Eric Lundquist - Security - Hannaford Data Theft Was No Smash and Grab | eWeek

Hannaford Data Theft Was No Smash and Grab

Verfasst von
Eric Lundquist
Eric Lundquist
Mar 28, 2008
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

Retailers, e-commerce developers and security vendors should be paying close attention to the data breach case unfolding around the Hannaford Brothers Cos. Unlike many data breaches in the past that fall into the “smash and grab” category, the Hannaford breach (which may affect 4.2 million credit and debit card numbers) appears to have been a well-orchestrated theft of real-time credit data moving across the network and apparently meeting most of the current security standards.

A front page article in the Friday, March 28 Boston Globe offers previously undisclosed details of the breach. This was no case of lost back-up tapes, unprotected laptops or a tap of unprotected wireless data.

According to a letter written by Hannaford’s general counsel Emily D. Dickinson and quoted in the Globe, an “illicit and unauthorized computer program known as ‘malware’ was installed on the servers of each of the stores the company operates in Maine, Vermont, New Hampshire, Massachusetts and New York, plus at stores elsewhere…” The letter goes on to state that the data was taken “in transit for authorization from the point of sale.” The company had been recertified as meeting credit card standards as recently as February 27, 2008.

Stealing data in transit is akin to hijacking a truck as it moves down the highway. You can do it, but it takes several levels of sophistication beyond a theft of a parked vehicle. So now, the IT security detectives will start back-tracking through the Hannaford network looking at access logs, server patches and network traffic.

In two weeks, San Francisco will host the big RSA security show. There will be lots of discussion about securing data, not devices and balancing the need for security with the desire for easily accessible, fast e-commerce transactions. I expect that breaches such as the one unfolding at Hannaford will push the development of system-wide security planning that includes end-to-end encryption based on a public key infrastructure.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.