Hannaford toughens computer security after breach
The supermarket chain Hannaford Bros. Co. has spent millions of dollars on additional security measures since last month’s revelation that hackers may have accessed up to 4.2 million credit and debit card numbers, it said today.
The grocer, based in Scarborough, Maine, has stores in Massachusetts and several other states. It has started encrypting card numbers from the moment they are swiped at checkout counters. And it has tapped IBM to monitor security for its computer network around the clock.
But Hannaford’s top security executive said some other retailers are probably still vulnerable to similar attacks. ‘‘The latest threat wasn’t anticipated,’’ said chief information officer Bill Homa. ‘‘The bad guys are one step ahead.’’
Hannaford told Massachusetts authorities it found unauthorized computer programs, called malware, on servers in more than 270 stores. When customers swiped their credit cards, the malware intercepted the data as it was transmitted from cash register to credit card processors.
The malware stored the data — card numbers and expiration dates — on store computers and later sent the information to offshore computers, where it could presumably be picked up by the thieves.
Hannaford has said the intrusion potentially compromised cards used between Dec. 7 and March 10, sparking at least 1,800 reports of fraud.
Homa said the company complied with all the latest credit-card industry security standards. But, he said, the standards were written mainly to secure data stored on retailers’ internal computers and didn’t anticipate that hackers might be able to intercept credit-card numbers as they were transmitted to card processors for authorization.
‘‘It’s an ever-escalating issue,’’ said David Hogan, chief information officer for the National Retail Federation, a trade association. ‘‘It’s like building a wall around your credit card data. Your professional hacker just builds a taller ladder.’’
(By Todd Wallack, Globe staff)
