Advanced tactic targeted grocer / 'Malware' stole Hannaford data

[David Farber <dave () farber net>]

Begin forwarded message:

From: dewayne () warpspeed com (Dewayne Hendricks)
Date: May 26, 2008 3:26:21 PM EDT
To: Dewayne-Net Technology List <xyzzy () warpspeed com>
Subject: [Dewayne-Net] Advanced tactic targeted grocer / 'Malware'  
stole Hannaford data

[Note:  This item comes from reader Monty Solomon.  DLH]

From: Monty Solomon <monty () roscom com>
Date: May 26, 2008 11:56:47 AM PDT
Subject: Advanced tactic targeted grocer / 'Malware' stole Hannaford  
data


Advanced tactic targeted grocer
'Malware' stole Hannaford data

By Ross Kerber, Globe Staff  |  March 28, 2008
The Boston Globe

A massive data breach at Hannaford Brothers Cos. was caused by a "new
and sophisticated" method in which software was secretly installed on
servers at every one of its grocery stores, the company told
Massachusetts regulators this week.

The unauthorized intrusion the company disclosed on March 17 stemmed
from software that intercepted card data from customers as they paid
with plastic at store checkout counters, and sent the data overseas,
Hannaford's top lawyer said in a letter sent to Attorney General
Martha Coakley and Governor Deval Patrick's Office of Consumer
Affairs and Business Regulation.

The software was installed on computer servers at each of the roughly
300 stores operated by Hannaford and its partners. Hannaford did not
say how the software might have been placed on so many servers, and
company spokeswoman Carol Eleazer said the company continues to
investigate how the software was installed and other specifics of the
breach. The Secret Service, which pursues currency crimes, is
conducting its own investigation.

Data security specialists say the new details show how hackers have
grown more adept at penetrating weak links in the systems that
connect merchants and banks. In previous breaches, such as the
record-setting intrusion at TJX Cos. of Framingham, where as many as
100 million card numbers were compromised, hackers took advantage of
merchants who stored customer names and card data - sometimes in
violation of payment industry standards - at central locations in
their computer networks.

In contrast, Hannaford says it did not store customer information.
The hackers who struck Hannaford mined a stream of data that the
merchant and banks were not responsible for protecting under industry
rules, industry specialists said.

..

<http://www.boston.com/news/local/articles/2008/03/28/advanced_tactic_targeted_grocer/ 
>




-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com