Hijacking Trojan Malware Used in Hannaford Data Breach

Hannaford said an "illicit and unauthorized computer program" was secretly installed on servers at every one of its grocery stories in Maine, Vermont, New Hampshire, Massachusetts and New York.

 

A targeted malware attack described as "new and sophisticated" is to be blamed for the data breach at Hannaford Bros. Co. that exposed more than four million credit and debit card numbers to identity thieves, the supermarket chain said in a letter to regulators in Massachusetts.

In the letter, which was sent by Hannaford general counsel Emily Dickinson, the company said an "illicit and unauthorized computer program" was secretly installed on servers at every one of its 300-plus grocery stories in Maine, Vermont, New Hampshire, Massachusetts and New York.

According to the Boston Globe, which first reported on Hannaford's explanations to Massachusetts Attorney General Martha Coakley and Governor Deval Patrick's Office of Consumer Affairs and Business Regulation, the malicious Trojan was programmed to hijack what is described as "Track 2" data from the magnetic stripe of credit and debit cards being swiped at Hannaford's checkout counters.

Read the full article at eWEEK.