WESTBROOK, Maine (3/19/08)--The magnitude of a Hannaford Bros. Co data breach could top previous retail data breaches, according to the Maine Credit Union League. “Because the compromise occurred at a major Maine retailer that so many Maine people use on a regular basis, the impact and cost of this compromise will be significantly higher than the TJX compromise last year,” said Rebekah Higgins, card services manager at Synergent, a service subsidiary of the league. The breach occurred at Maine-based Hannaford Bros. Co supermarket chain, which affected all 165 stores in New England and New York, and 106 Sweetbay stores in Florida. The breach also affected some independently owned retail locations in the Northeast that sell Hannaford products, Hannaford Bros. said. Maine credit unions expect to reissue 100,000 new credit and debit cards as a result of the compromise, the league said. Higgins urged cardholders to contact their financial institutions to report suspicious activity. “Consumers have zero liability in this compromise,” she said. In the case of Hannaford Bros., the affected financial institutions have “done everything right and it is the merchant who bears full responsibility of the compromise,” said John Murphy, league president, noting that financial institutions will bear most of the costs of reissuing cards, staff resources and communications with members. The league helped to draft legislation introduced this session that directs the Bureau of Financial Institutions in Maine to study the effect of data security breaches on Maine credit unions and banks and report its findings by Dec. 1, 2008. The legislation has passed the state’s House and Senate, and is almost ready for the governor’s approval. “Hopefully, this is the first step in helping to further understand the significance of this issue and begin to look for ways that will force the cause of the compromises and breaches to be held accountable and responsible for the cost, a solution we believe would lead to better security measures being put in place to prevent breaches and better protect consumers,” Murphy said. “We are strong advocates that the time has come to shift the financial burden from the financial institution to the source of the breach because, in the case of credit unions, every member-owner is affected by the breach,” he concluded.