Breach may threaten student savings

March 28, 2008

Margot D. Miller

**CARD CATASTROPHE:** A data intrusion into Hannaford Supermarkets exposed 4.2 million credit and debit cards to potential fraud. There have been 1,800 reported cases of fraud from the breach.

Bowdoin students may want to take a careful look at their next credit card statement.

On March 17, Hannaford Supermarkets announced a data intrusion which exposed 4.2 million credit cards and debit cards to potential fraud. The numbers were taken between December 7, 2007 and March 10, 2008.

According to a statement posted on its Web site, Hannaford "was first made aware of suspicious credit card activity on Feb. 27, and immediately initiated a comprehensive investigation with the assistance of leading computer security experts."

This investigation has uncovered an attack on the Hannaford system that was "novel and sophisticated," according to Vice President of Marketing Carol Eleazer.

According to the Hannaford Web site, data was illegally accessed from the computer system during the "card verification" stage of credit card and debit card transactions.

The breach has compromised credit and debit cards at all of Hannaford's 165 supermarkets in New England and New York, 106 affiliated Sweetbay stores in Florida and 23 independent retailers that carry Hannaford products. Thus far, there have been 1800 reports of credit card fraud from the breach.

The data intrusion has been particularly worrisome to members of the Bowdoin community, since many shop for groceries at the local Hannaford.

Sophie Springer '11 was alarmed when she first heard about the breach. "I was worried if someone had access to my bank accounts," she said. "So I decided to replace my card."

According to Senior Vice President for Finance and Administration Katy Longley, 26 corporate credit cards used by the College were also compromised. Longley said that the cards were "proactively canceled," though she said that fraudulent charges had not been made.

Dean of Student Affairs Tim Foster sent an e-mail to students on Wednesday informing them of the breach.

"It is important to check your accounts to make sure that unauthorized charges have not been made," he wrote in the announcement. Though the administration does not "typically give business advice," said Longley, she said that the College felt it was important to alert students to the breach, since it occurred over Spring Break and some students may not have been informed of the intrusion.

Foster also suggested that some students may want to cancel their credit card or debit card.

"You may wish to...have your current card cancelled right away and request that a new card be issued," he added.

Eleazer echoed Foster's advice for protecting financial information. She advised customers to be wary of individuals posing as Hannaford employees and requesting personal information, including names and credit card numbers, over the phone.

Eleazer also warned against a "second wave of fraud and criminal activity," noting that no one legitimately working for Hannaford would request additional information from customers.

Eleazer said that Hannaford has "absolutely discovered and contained the intrusion," and called the breach "completely unprecedented." Hannaford, in tandem with industry experts and authorities from the Secret Service, is now working to ensure future "prevention and protection measures are advanced and state of the art," she said.

Comments are permanently closed.