MADISON, Wis. (3/19/08)--Since news of a data breach involving Hannaford Bros. Co. retail stores broke, NorthCountry FCU’s contact center “has been taking calls left and right,” CEO John Benoit told News Now. NorthCountry, located in South Burlington, Vt., expects to re-issue about 3,000 debit cards and 500 credit cards for members as a result of the breach, which affected all 165 Hannaford stores in New England and New York State, and 106 Sweetbay stores in Florida. The credit union also prepared a letter. “Our first concern is to get the word out to the members,” Benoit said. The Association of Vermont Credit Unions (AVCU) has spoken with its affiliated credit unions and is identifying which cards were compromised. “We have limited reports,” AVCU president Joe Bergeron told News Now. “But it’s still early.” AVCU has a debit card program that it operates with 18 credit unions and is working with those institutions to catch fraudulent activity. Because credit unions in Vermont are “surrounded” by Hannaford stores, a substantial percentage of their card base was theoretically compromised, Bergeron added. Massachusetts credit unions are not overly panicked, but they are not happy, Rob Kimmett, Massachusetts Credit Union League senior vice president of public relations and marketing, told News Now. “It’s sad to say that they’ve gotten used to working through these things,” he said. Hannaford Bros. stores are more prominent in Central and Eastern Massachusetts, but Kimmett recognized that the breach could spread to other parts of the state. The breach’s impact on individual consumers could depend on shopper competition and consumer loyalty. It may not be as deep as a data breach involving discount retailer TJX Cos. last year because some consumers may choose to shop at other grocers, whereas with TJX, many consumers were likely to have visited one of the TJX stores at some point, Kimmett noted. However, “I’m comfortable in saying that pretty much every credit union could be affected,” he said. Stopping future breaches will require a legislative and regulatory answer, and the Massachusetts league has worked with U.S. Rep. Barney Frank (D-Mass.) on bills that impose restrictions on retailers, Kimmett said. “The problem needs to be solved.” Since receiving its Visa alert, St. Mary’s Bank has been in “‘investigative and research mode,’” said Carole Landry, director of deposit and lending operations. The Manchester, N.H.-based credit union is currently matching the Visa information it received against credit card records. Visa’s alert did not specify the name of the retailer involved with the breach, but members who saw news reports about Hannaford have contacted St. Mary’s Bank to get new credit cards. St. Mary’s Bank supplied staff with question-and-answer sheets about the breach, and has re-issued cards to members who have requested it, Landry said. “We’re putting members at the comfort level they want to be at,” she said. St. Mary’s Bank also is advising members to monitor their own banking activity, added Elizabeth Stodolski, St. Mary’s Bank director of marketing. Staff at Fulton County FCU, Gloversville, N.Y., stayed until about 9 p.m. Friday night to “hot-card” or stop members’ credit cards after receiving an alert from Visa regarding the security breach. “It was a decision we made, and in hindsight, it was a good one,” Gordon Beebe, Fulton County FCU president, told News Now. The credit union also called each member to let them know their cards were going to be re-issued. Of the 3,500 cardholders at the credit union, 1,100 have been re-issued. “It’s substantial for us,” Beebe said. “We’re just short of a $50 million asset credit union with a staff of 26, so it’s quite an impact in terms of staff time.” Fulton County FCU received some compensation for the cost of the TJX Cos. breach. “That one wasn’t too bad,” Beebe said. “But we’re wondering what the reimbursement will be with this.” Credit union members were worried when Fulton County FCU contacted them about the breach but were appreciative of their efforts. Some “think it’s an internal breach,” Beebe noted, and said the news reports have helped members understand what happened. In terms of issuing new cards, Beebe estimated that it would take about seven days. But a lot of other credit unions are re-issuing cards, which could lengthen the process and add frustration, he said. Members should have several cards, such as a Visa debit or credit card, so that when a problem occurs, they have a way to get money, he said. No credit unions in Florida have reported that they have been affected by the breach to the Florida Credit Union League, Amy Jowers, league communications coordinator, told News Now.