Hannaford's top exec Ron Hodge said yesterday his company has a defensive system ready to make sure "one of the biggest challenges for the company in its 100-plus year history" will not repeat itself.
During a media conference yesterday, the president and c.e.o. and other officials at Hannaford Supermarkets laid out the steps they've already taken to prevent another data breach like the one the chain admitted to last month. They also shared additional measures they intend to adopt.
About 1,800 cases of fraud are said to be related to the breach, which the chain said was caused by malware secretly installed on its store servers and which involved as many as 4.2 million customer credit and debit cards.
In the wake of the breach, Hodge said, the company immediately engaged international information technology security experts. Hannaford has adopted many of their recommendations, and is still working with those experts.
"We will devote whatever resources necessary" to online security, said Hodge, adding that the price tag for the new technology was "a big number, but worthwhile in the long run."
Hodge further noted that the company has seen no drop in business as a result of the breach.
S.v.p. and c.i.o. Bill Homa noted the grocer is regarding the breach, unfortunate as it was, as an "opportunity for learning" how to beef up its overall network security. He said the company had already invested "significant" resources in IT over the past five years, becoming an early adopter of the Payment Card Industry Data Security Standard, as well as the first retailer in the state of Maine to have a Cisco Certified Internetwork Expert (CCIE) on staff.
Among the steps it is now taking "above and beyond the industry standard" are a 24/7 monitoring system from IBM, the encryption of customer card information, systems to prevent malware, firewalls, and an ISO (independent system operator) information security management system, said Homa.
When asked by Progressive Grocer what Hannaford's timeline was to adopt the new measures, Hodge and Homa said the company is still in the midst of selecting a vendor for a host intrusion prevention system (HIPS), so it would be the end of the year before that technology was implemented. In addition, the ISO process, although launching this year, would take a year to 18 months to fully roll out, they said.
In contrast, the replacement of PIN pads in all stores with ones capable of encrypting customer information should take two to three months, according to the execs.
A comprehensive forensic investigation and a criminal investigation of the incident are still ongoing, the Hannaford officials said.