CUNA News Now: Malware was secretly installed on all stores' servers

News Now LiveWire

Most CUs will provide wage increases for at least some of their employees, according to CUNA's just-released Small CU Staff Salary Survey. 12 hours ago

St. L Post Dispatch on GAO report:Consumers may not benefit from altering Interchange system;would cut card competition. http://ow.ly/ETyX 13 hours ago

CUNA's Hampel: Consumer holiday spending will be up slightly from last year. See Tues NN. 17 hours ago

NCCUL and WOCCU met with Romanian CUs this week. The CUs are experiencing growth and want to increase their public relations efforts. 4 days ago

Kent Buckham has been named by NCUA as director of the newly created Office of Consumer Protection. The 7-person dept. launches in Jan. 4 days ago

Sign up; more tweets...

SCARBOROUGH, Maine (3/31/08)--A data breach that compromised the credit and debit cards of more than 4.2 million grocery shoppers was caused by software that was secretly installed on servers of every grocery store in the chain, says Hannaford Bros.

The "malware" intercepted card data at nearly 300 grocery stores as customers swiped their card at the checkout counter. It then sent the data overseas, said Hannaford General Counsel Emily D. Dickinson in a letter to Massachusetts Attorney General Martha Coakley and Gov. Devel Patrick's Office of Consumer Affairs and Business Regulation (The Boston Globe and Washington Post March 28).

The letter said the malware was installed on the servers of each store the company operates and that uses the company's payment systems. The stores were in Maine, Vermont, New Hampshire, Massachusetts and New York, plus the Sweetbay chain in Florida.

The malware intercepted "track 2" data stored on the cards' magnetic stripe. The data include the card's number and expiration date but not the name of the customer.

The data were stolen while in transit for authorization from the point of sale, meaning that as it went from cash register to one of the institutions Hannaford uses to process transactions. These include the major card networks and a major card processor, First Data Corp.

The malware on the store servers collected records of the purchases in batches, then transmitted them to an offshore Internet service provider.

Malware can be installed remotely if the hacker can breach a company's firewall; if servers aren't running the latest security patches; or if they are running out-of-date antivirus programs.

Hannaford has replaced the hardware on which the malware was installed, the company said.



SEARCH Headlines Washington CU System Market Products & Services Consumer Print Today’s News Photo Gallery Videos Monthly Top 10 Archive Headlines via Email Enter your email address: text or HTML RSS Feed What is RSS? Contact News Now
	News Now LiveWire Most CUs will provide wage increases for at least some of their employees, according to CUNA's just-released Small CU Staff Salary Survey. 12 hours ago St. L Post Dispatch on GAO report:Consumers may not benefit from altering Interchange system;would cut card competition. http://ow.ly/ETyX 13 hours ago CUNA's Hampel: Consumer holiday spending will be up slightly from last year. See Tues NN. 17 hours ago NCCUL and WOCCU met with Romanian CUs this week. The CUs are experiencing growth and want to increase their public relations efforts. 4 days ago Kent Buckham has been named by NCUA as director of the newly created Office of Consumer Protection. The 7-person dept. launches in Jan. 4 days ago Sign up; more tweets... Malware was secretly installed on all stores' servers SCARBOROUGH, Maine (3/31/08)--A data breach that compromised the credit and debit cards of more than 4.2 million grocery shoppers was caused by software that was secretly installed on servers of every grocery store in the chain, says Hannaford Bros. The "malware" intercepted card data at nearly 300 grocery stores as customers swiped their card at the checkout counter. It then sent the data overseas, said Hannaford General Counsel Emily D. Dickinson in a letter to Massachusetts Attorney General Martha Coakley and Gov. Devel Patrick's Office of Consumer Affairs and Business Regulation (The Boston Globe and Washington Post March 28). The letter said the malware was installed on the servers of each store the company operates and that uses the company's payment systems. The stores were in Maine, Vermont, New Hampshire, Massachusetts and New York, plus the Sweetbay chain in Florida. The malware intercepted "track 2" data stored on the cards' magnetic stripe. The data include the card's number and expiration date but not the name of the customer. The data were stolen while in transit for authorization from the point of sale, meaning that as it went from cash register to one of the institutions Hannaford uses to process transactions. These include the major card networks and a major card processor, First Data Corp. The malware on the store servers collected records of the purchases in batches, then transmitted them to an offshore Internet service provider. Malware can be installed remotely if the hacker can breach a company's firewall; if servers aren't running the latest security patches; or if they are running out-of-date antivirus programs. Hannaford has replaced the hardware on which the malware was installed, the company said. Resource Links The Boston Globe article Good Habits Protect Your Plastic Cards Against Fraud ID Theft: How to Prevent It and How to Get Over It Stop Identity Theft lobby brochure Seminars in a Box: Identity Theft--Who's Got Your Number? More CU/System
	Copyright © 2009 - Credit Union National Association, Inc.

More CU/System