BreachExchange mailing list archives
follow-up: Advanced tactic targeted grocer - 'Malware' stole Hannaford data
From: security curmudgeon <jericho () attrition org>
Date: Fri, 28 Mar 2008 17:02:52 +0000 (UTC)
[Software was installed at each of the roughly 300 stores.. i'm sure we'd all love to know how that happened. I have a feeling the bad guys didn't compromise all 300 machines. - jericho] http://www.boston.com/news/local/articles/2008/03/28/advanced_tactic_targeted_grocer/ A massive data breach at Hannaford Brothers Cos. was caused by a "new and sophisticated" method in which software was secretly installed on servers at every one of its grocery stores, the company told Massachusetts regulators this week. The unauthorized intrusion the company disclosed on March 17 stemmed from software that intercepted card data from customers as they paid with plastic at store checkout counters, and sent the data overseas, Hannaford's top lawyer said in a letter sent to Attorney General Martha Coakley and Governor Deval Patrick's Office of Consumer Affairs and Business Regulation. The software was installed on computer servers at each of the roughly 300 stores operated by Hannaford and its partners. Hannaford did not say how the software might have been placed on so many servers, and company spokeswoman Carol Eleazer said the company continues to investigate how the software was installed and other specifics of the breach. The Secret Service, which pursues currency crimes, is conducting its own investigation. [..] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- follow-up: Advanced tactic targeted grocer - 'Malware' stole Hannaford data security curmudgeon (Mar 28)