Eric Lundquist - Security - Hannaford Data Theft Was No Smash and Grab | eWeek

Hannaford Data Theft Was No Smash and Grab

Écrit par
Eric Lundquist
Eric Lundquist
Mar 28, 2008
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Retailers, e-commerce developers and security vendors should be paying close attention to the data breach case unfolding around the Hannaford Brothers Cos. Unlike many data breaches in the past that fall into the “smash and grab” category, the Hannaford breach (which may affect 4.2 million credit and debit card numbers) appears to have been a well-orchestrated theft of real-time credit data moving across the network and apparently meeting most of the current security standards.

A front page article in the Friday, March 28 Boston Globe offers previously undisclosed details of the breach. This was no case of lost back-up tapes, unprotected laptops or a tap of unprotected wireless data.

According to a letter written by Hannaford’s general counsel Emily D. Dickinson and quoted in the Globe, an “illicit and unauthorized computer program known as ‘malware’ was installed on the servers of each of the stores the company operates in Maine, Vermont, New Hampshire, Massachusetts and New York, plus at stores elsewhere…” The letter goes on to state that the data was taken “in transit for authorization from the point of sale.” The company had been recertified as meeting credit card standards as recently as February 27, 2008.

Stealing data in transit is akin to hijacking a truck as it moves down the highway. You can do it, but it takes several levels of sophistication beyond a theft of a parked vehicle. So now, the IT security detectives will start back-tracking through the Hannaford network looking at access logs, server patches and network traffic.

In two weeks, San Francisco will host the big RSA security show. There will be lots of discussion about securing data, not devices and balancing the need for security with the desire for easily accessible, fast e-commerce transactions. I expect that breaches such as the one unfolding at Hannaford will push the development of system-wide security planning that includes end-to-end encryption based on a public key infrastructure.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.