You are here
The Hannaford data breach goes to show retailers that PCI Compliance is not an invincible shield, and even systems managed by one of the industry’s top c.i.o.s can fall prey to a determined hacker. Indeed, the incident, which was caused by a data intrusion into Hannaford's network, has led retail and technology experts to question the validity of the data security standards.
The breach, which took place between Dec. 7 and March 10, affected all 165 Hannaford stores, as well as 106 Sweetbay Supermarket stores in Florida, a sister Delhaize chain; and certain independent operators that sell Hannaford items.
At least 1,800 cases of fraud have come to light as a result of the breach, which was caused by malware secretly installed on its servers. The grocer has become the target of several class actions filed on behalf of consumers. This is one area where being PCI-compliant will help, as it supports the argument that Hannaford wasn’t negligent, much the same way that a retailer that can demonstrate a regular maintenance and cleaning schedule will seldom lose a slip and fall case.
The Payment Card Industry Data Security Standard was put in place by major credit card brands to make sure retailers take sufficient steps to protect customers' financial data. Mandated by major card brands including Visa, MasterCard, American Express, and JPMorgan Chase, it requires merchants to implement 12 account-protection mechanisms, including encryption, vulnerability scans, and the use of firewalls and antivirus software.
"I'll stick with Hannaford," noted one commenter. "It could have happened to any company."
Identity theft facts:
- The 2006 victim population was at 15 million. That means every minute about 28.5 people become a new victim of this crime, or a new victim is added in just over two seconds.
- The top states in terms of victims per capita are: New York, California, Nevada, Arizona, Washington, and Texas. The Id Analytics study 2007 includes Hawaii, Illinois, Oregon, and Michigan. The FTC 2006 report includes Florida, Georgia, and Colorado.
Related Stories from Progressive Grocer Online: