Portland, Maine Hannaford Bros. grocery chain announced late Monday it has experienced a security breach that has exposed more than 4 million card numbers and led to 1,800 cases of fraud.
Hannaford said credit- and debit-card numbers were stolen during the card-authorization process and about 4.2 million unique card numbers were exposed, placing the case among the largest data breaches in history.
The breach affected all of the East Coast supermarket chain’s 165 namesake stores in the Northeast, 106 Sweetbay stores in Florida and a smaller number of independent groceries that sell Hannaford products.
The company said it is aware of about 1,800 cases of fraud reported so far relating to the breach. The company did say, however, that no personal data such as names, addresses or telephone numbers were divulged, just account numbers.
Hannaford said it became aware of the breach on Feb. 27. According to Carol Eleazer, Hannaford’s VP of marketing, investigators later discovered that the data breach began on Dec. 7, but it wasn’t contained until March 10.
“We have taken aggressive steps to augment our network security capabilities,” Hannaford president and CEO Ronald C. Hodge said in a statement released Monday. “Hannaford doesn’t collect, know or keep any personally identifiable customer information from transactions.”
The company urged its customers to monitor their credit and debit cards for unusual transactions and report any problems to authorities. It also told customers to beware of e-mails and calls from people claiming to represent Hannaford and seeking any personal information.
The U.S. Secret Service has confirmed that it is investigating.
The case ranks among the largest breaches on record involving retailers, but far fewer cards were exposed than in the largest hack—at TJX Cos., during which it was reported at least 45.7 million cards were exposed, while banks’ court filings put the number at more than 100 million.