Malware to blame in supermarket data breach

Malicious software somehow found its way onto a Maine-based supermarket chain's servers, which led to the security breach announced earlier this month compromising up to 4.2 million credit cards.

It turns out malware somehow found its way onto a Maine-based supermarket chain's servers, which led to the security breach announced earlier this month compromising up to 4.2 million credit cards.

Hannford logo

Citing a letter the Hannaford grocer sent to Massachusetts regulators, The Boston Globe on Friday reported that the malicious software intercepted data from customers as they paid with plastic at checkout counters and sent data overseas.

The malware was installed on computer servers at each of the 300-some stores operated by Hannaford and its partners, the Globe reported.

The company is continuing its investigation into how the malware may have been placed on the servers. The Secret Service, meanwhile is conducting its own investigation.

The breach appears to be one of the first in which credit card numbers were stolen while the information was in transit, or at the point of sale. One of a growing number of sophisticated attacks , it illustrates vulnerabilities in the communication between cash registers and branch servers, as Neal Krawetz of Hacker Factor Solutions has warned in research (PDF).

That mode contrasts to attacks on databases, the method used to compromise 45.7 million accounts over a two-year period in a data breach of customer records at TJX Companies, the operator of T.J. Maxx and Marshalls retail chains.

Andrew Conry of InformationWeek adds that Hannaford, in addition to the breach, has two related class action lawsuits on its hands alleging negligence in maintaining customer security. And he suggests that there might be some truth to the claims, noting that Hannaford should have noticed that "internal servers were transmitting outside the network to a strange IP. This should've raised flags somewhere--server logs, IDS logs, firewall logs."

I'll second Conry's conclusion: "In any case, the whole mess should be very instructional to retailers everywhere," particularly in light of Friday's news of attacks on top Web sites like USAToday.com, Target.com, ABCNews.com , Walmart.com, and of a data breach at Antioch University in Ohio.

About the author

Michelle Meyers, associate editor, has been writing and editing CNET News stories since 2005. But she's still working to shed some of her old newspaper ways, first honed when copy was actually cut and pasted. When she's not fixing typos and tightening sentences, she's working with reporters on story ideas, tracking media happenings, or freshening up CNET News' home page.

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET