SEARCH

Headlines

Washington

CU System

Market

Products & Services

Consumer

Print Today’s News

Photo Gallery

Videos

Monthly Top 10

Archive

Headlines via Email

Enter your email address:
text or HTML

RSS Feed Newsnow Headlines via RSS
What is RSS?

Contact News Now
2009 ACUC Daily News
2009 ACUC Blog

News Now LiveWire

Australian CUs have experienced strong growth in retail deposits at the expense of their regional banking rivals. http://ow.ly/goIE 2 days ago

Yakima Valley CUs have benefited from larger banks troubles as membership, deposit growth, and overall presence expand. http://ow.ly/goHD 2 days ago

Florida Central CU names CUNA board member Laida Garcia as president, CEO. Garcia succeeds the late Ed Gallagly. See http://ow.ly/gnw7 2 days ago

WesCorp detailed cost-saving initiatives-- including roughly 90 layoffs--that aim to roll back expenses to 2003 levels. See July 6 NN. 2 days ago

Wash. State CUs have seen a 313% mortgage loan increase over the last 10 years, with lower car loan, savings deposit increases. See Mon. NN. 2 days ago

more...

Click here, NCUA corp actions

Malware was secretly installed on all stores' servers

SCARBOROUGH, Maine (3/31/08)--A data breach that compromised the credit and debit cards of more than 4.2 million grocery shoppers was caused by software that was secretly installed on servers of every grocery store in the chain, says Hannaford Bros.

The "malware" intercepted card data at nearly 300 grocery stores as customers swiped their card at the checkout counter. It then sent the data overseas, said Hannaford General Counsel Emily D. Dickinson in a letter to Massachusetts Attorney General Martha Coakley and Gov. Devel Patrick's Office of Consumer Affairs and Business Regulation (The Boston Globe and Washington Post March 28).

The letter said the malware was installed on the servers of each store the company operates and that uses the company's payment systems. The stores were in Maine, Vermont, New Hampshire, Massachusetts and New York, plus the Sweetbay chain in Florida.

The malware intercepted "track 2" data stored on the cards' magnetic stripe. The data include the card's number and expiration date but not the name of the customer.

The data were stolen while in transit for authorization from the point of sale, meaning that as it went from cash register to one of the institutions Hannaford uses to process transactions. These include the major card networks and a major card processor, First Data Corp.

The malware on the store servers collected records of the purchases in batches, then transmitted them to an offshore Internet service provider.

Malware can be installed remotely if the hacker can breach a company's firewall; if servers aren't running the latest security patches; or if they are running out-of-date antivirus programs.

Hannaford has replaced the hardware on which the malware was installed, the company said.

print this story email this story
Resource Links
The Boston Globe article
Good Habits Protect Your Plastic Cards Against Fraud
ID Theft: How to Prevent It and How to Get Over It
Stop Identity Theft lobby brochure
Seminars in a Box: Identity Theft--Who's Got Your Number?


More CU/System

Copyright © 2009 - Credit Union National Association, Inc.