AUGUSTA, Maine (1/5/09)--Credit unions and banks in Maine incurred $2.1 million in combined expenses from two large data breaches in 2007 and 2008, according to a report from Maine’s Bureau of Financial Institutions. The “Maine Data Breach Study” reveals the impact a large-scale data breach has on Maine banks, credit unions and their customers,” said Bureau Superintendent Lloyd P. LaFountain III. Since 2007, two major data breaches affected Maine’s financial institutions—the TJX Cos. data breach announced in January 2007 and the Hannaford Bros. breach announced last March. LaFountain reported that 75 financial institutions—50 credit unions and 25 banks—responded to the survey. Of those, 71 institutions reported they were affected by at least one data breach since Jan. 1, 2007. The Hannaford breach, which involved a grocery store chain based in New England, affected the most institutions surveyed—71. It also compromised the greatest number of account holders--243,599—and was responsible for the largest dollar number in expenses--$1.6 million. More than 186,885 cards were reissued in that breach, said the agency. The TJX Cos. breach, which involved the Massachusetts based company’s retail stores such as Marshalls, affected 52 credit unions and banks and 64,825 accounts and cost $485,245. It resulted in Maine institutions reissuing 54,737 cards. Other breaches affected 18 institutions and 8,000 accounts and cost $62,760, with 4,857 cards reissued. Of the 71 credit unions and banks with compromised accounts, 25 reported unauthorized or fraudulent transfers. In one case, the unauthorized activity involved only one account. But in most instances, fewer than 25 accounts were compromised.