funsec mailing list archives
Advanced tactic targeted grocer - 'Malware' stole Hannaford data
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Fri, 28 Mar 2008 08:57:51 -0400
http://www.boston.com/news/local/articles/2008/03/28/advanced_tactic_targete d_grocer/ A massive data breach at Hannaford Brothers Cos. was caused by a "new and sophisticated" method in which software was secretly installed on servers at every one of its grocery stores, the company told Massachusetts regulators this week. The unauthorized intrusion the company disclosed on March 17 stemmed from software that intercepted card data from customers as they paid with plastic at store checkout counters, and sent the data overseas, Hannaford's top lawyer said in a letter sent to Attorney General Martha Coakley and Governor Deval Patrick's Office of Consumer Affairs and Business Regulation. The software was installed on computer servers at each of the roughly 300 stores operated by Hannaford and its partners. Hannaford did not say how the software might have been placed on so many servers, and company spokeswoman Carol Eleazer said the company continues to investigate how the software was installed and other specifics of the breach. The Secret Service, which pursues currency crimes, is conducting its own investigation. . Dickinson wrote that an "illicit and unauthorized computer program" known as "malware" was installed on the servers of each of the stores the company operates in Maine, Vermont, New Hampshire, Massachusetts, and New York, plus at stores elsewhere, including the Sweetbay chain in Florida, that use its payment systems. Hannaford and Sweetbay are owned by Belgium's Delhaize Group. The malware intercepted the "track 2" data stored on the magnetic stripe of payment cards as customers used them at the checkout counter, Dickinson wrote. This track includes the card's number and expiration date, but not the customer's name. The data were taken "in transit for authorization from the point of sale," the letter states, meaning as it was transmitted from the cash register to one of the institutions that Hannaford uses to process transactions. Eleazer said these include major card networks and First Data Corp. of Denver, a major processor. The malware on the store servers stored up records of these purchases in batches, then transmitted them to an unnamed offshore Internet service provider, the letter states. Foreign crime rings have been blamed in a number of other payment card fraud cases.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Advanced tactic targeted grocer - 'Malware' stole Hannaford data Richard M. Smith (Mar 28)
- Re: Advanced tactic targeted grocer - 'Malware' stoleHannaford data Discini, Sonny (Mar 28)
- Re: Advanced tactic targeted grocer - 'Malware' stoleHannaford data B.K. DeLong (Mar 28)
- Re: Advanced tactic targeted grocer - 'Malware' stoleHannaford data Discini, Sonny (Mar 28)