THIS STORY HAS BEEN FORMATTED FOR EASY PRINTING

Hannaford details upgrades prompted by security breach

Email|Print|Single Page| Text size + By Jerry Harkavy
Associated Press Writer / April 22, 2008

PORTLAND, Maine—Hannaford Bros. Co. said Tuesday it is spending millions of dollars to enhance the security of its data network and go beyond industry standards following a massive breach that compromised up to 4.2 million credit and debit card numbers.

The new measures include encryption of all card numbers during the entire time they are within the supermarket chain's data network and installation of a "24/7-managed security monitoring and detection service" from IBM to detect intrusions, the company said.

Hannaford previously blamed unauthorized software that was secretly installed on its servers for the data breach that has been linked to about 1,800 cases of fraud.

Hannaford President and CEO Ron Hodge apologized again Tuesday to customers for concerns and inconvenience they experienced because of the breach and reported that there has been no drop in sales since it was announced five weeks ago.

In a conference call with reporters, Hodge and Bill Homa, senior vice president and chief information officer, declined to address the cause, scope and nature of the breach, citing the ongoing criminal investigation and pending litigation.

Homa said "cyber attacks" on retailers are becoming more sophisticated and Hannaford is using the intrusion that occurred between Dec. 7 and March 10 as a learning opportunity that will allow the company to improve its security systems.

Card numbers are now encrypted from the checkout line to the server in the store and onto Hannaford's corporate office, where the data is transferred to a machine run by its credit care processor, Homa explained later in an interview.

Before the data breach, the credit and debit card number and expiration dates were not encrypted from the store server to the company headquarters, Homa said.

"We've encrypted everything under our control in our environment," he said, explaining that some of the security upgrades were in the works before the breach came to light.

The used of additional encryption puts Hannaford ahead of most retailers in providing that level of security, and the changes will not cause any noticeable delays for customers in checkout lines, he said.

Avivah Litan, security analyst at Gartner Inc., said Hannaford's encryption changes exceed industry standards and will leave the company with higher state-of-the-art technology than their payment processors when it comes to protecting data in transit.

"They've actually gone above and beyond the call of duty," Litan said. "If you encrypt data in transit and you encrypt data in motion you really eliminate much of your risk."

© Copyright 2008 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

more stories like this

  • Email
  • Email
  • Print
  • Print
  • Single page
  • Single page
  • Reprints
  • Reprints
  • Share
  • Share
  • Comment
  • Comment
 
  • Share on DiggShare on Digg
  • Tag with Del.icio.us Save this article
  • powered by Del.icio.us
Your Name Your e-mail address (for return address purposes) E-mail address of recipients (separate multiple addresses with commas) Name and both e-mail fields are required.
Message (optional)
Disclaimer: Boston.com does not share this information or keep it permanently, as it is for the sole purpose of sending this one time e-mail.