PORTLAND, Maine (3/18/08)--A breach into the computer system of Maine-based Hannaford Bros. Co. supermarket chain resulted in the theft of up to 4.2 million customer credit and debit card numbers from more than 200 stores in several states, according to the company. The intrusion affected all 165 Hannaford stores in New England and New York State, and 106 Sweetbay stores in Florida. Also affected were certain independently owned retail locations in the Northeast that carry Hannaford products, the company said. Hannaford said in an announcement on its website the data was accessed illegally from the company's computer systems during the card verification transmission process in transactions. The stolen data were limited to credit and debit card numbers and expiration dates. "No personal information, such as names or addresses, was accessed," said President/CEO Ron Hodge. "Hannaford doesn't collect, know or keep any personally identifiable customer information from transactions." The company can't send letters directly to the potentially affected customers "because we do not have their names and addresses," it said on the website. Carol Eleazer, Hannaford's vice president of marketing in Scarborough, Mass., said the numbers potentially exposed to fraud are estimated at 4.23 million (Associated Press March 17). That would put the breach among one of the largest retail breaches experienced so far, but nowhere near the TJX Cos. breach of last year, which compromised up to 94 million cards and resulted in a number of lawsuits from financial institutions seeking to recoup expenses from reissuing cards. Hodges said the company became aware of unusual card activity on Feb. 27. Investigators discovered that the data breach began on Dec. 7 and it wasn't contained until March 10. "We would advise customers that have made purchases at our stores using credit or debit cards over the last three months, and who suspect that their accounts may have been compromised, should immediately notify their card issuer or bank," said the Hannaford website. The Massachusetts Bankers Association said that between 60 and 70 of its member banks were contacted by Visa and MasterCard but the retailer was not identified. An attorney with the Maine Credit Union League asked for help from the Credit Union National Association in alerting credit unions.