SCARBOROUGH, Maine (4/23/08)--Maine-based grocery chain Hannaford Bros. announced Tuesday it expects to spend millions to beef up its information technology (IT) security in the wake of a data breach that resulted in the theft of 4.2 million credit and debit card numbers. Hannaford announced it plans to install new intrusion-prevention systems that will monitor activities 24/7 on its network and individual systems at its stores. It also will deploy PIN pad devices featuring Triple DES encryption support in store checkout aisles (Computerword April 22). The card numbers were stolen during the authorization process after customers swiped their cards at the grocery stores in New England, New York and Florida. The cards were compromised from Dec. 7 to March 10. Credit unions in those states were among the financial institutions reissuing credit and debit cards due to the breach. Maine credit unions were especially hit, since the chain is prevalent in that state. In Tuesday's announcement, Hannaford Bros. President/CEO Ron Hodge apologized again for the breach and said the company had seen no drop in sales since the data breach was announced March 17 (Associated Press and The Boston Globe April 22). A recent survey released by the Ponemon Institute found that nearly one-third of consumers notified of a security breach terminate their relationship with the company, with frustration about the timeliness of notification of a breach (SCMagazine April 16). Roughly 83% of people surveyed said they had received at least one notification of a data breach in the past two years, while 47% received multiple notifications. More than half said it took the company involved longer than a month to contact them. Seventy-one percent said notification should be made within a week after a breach. About 63% of survey respondents said notification letters they received offered no direction on steps to take to protect their data, according to the Consumer's Report Card on Data Breach Notification, sponsored by ID Experts. That was not the case in the Hannaford Bros. breach. The company posted information on its website to aid customers affected by the breach.