Malware compromised 4.2 million credit cards

 

Unauthorized software was installed on servers in Hannaford Bros supermarkets in the Northeast and Florida. The program created a data breach that compromised up to 4.2 million credit and debit cards.

Hannaford doesn't know how the malware got in its 271 stores' servers. 1,800 cases of fraud have been linked to the data breach, with unauthorized charges showing up far in Mexico, Italy and Bulgaria.

This appears to be the first large-scale theft of credit and debit card numbers while the information was in transit.

That the breach, occurred between Dec. 7 and March 10 allowed credit and debit card numbers to be stolen as shoppers swiped their cards at checkout line machines and the information was transmitted to banks for approval.

The malware turned up in all Hannaford stores in New England and New York, and in most of the company's affiliated Sweetbay stores in Florida, Eleazer said. 

The breach remains under investigation by the U.S. Secret Service and had not been previously disclosed "because of the confidential nature of the investigation".