Hannaford breach may hit Maine credit unions harder than TJX compromise

Trade association is not optimistic

The recently disclosed data breach at Hannaford Bros. Co. could have a significantly greater impact on Maine credit unions than last year's compromise at The TJX Companies Inc., the Maine Credit Union League has warned.

In a statement issued yesterday, the trade association representing the state's credit unions said that because the compromise happened at a major Maine retailer, more consumers in the state are likely to have been impacted than with the TJX breach.

"The impact and cost of this compromise will be significantly higher than the TJX compromise last year," said Rebekah Higgins, card services manager at Synergent, a subsidiary of the credit union league that provides card processing services for Maine credit unions. According to Higgins, a number of credit unions have already begun reissuing their entire card base as a result of the breach.

Maine credit unions are expected to block and reissue over 100,000 new credit and debit cards as a result of the compromise, the credit union league said in its statement.

A spokesman from the league said it was not possible to provide further details because "the scope of this breach is still ongoing, and we are directing our resources to best serving our members."

Hannaford on Monday disclosed that unknown intruders had accessed its systems and stolen credit and debit card data belonging to about 4.2 million consumers in a four-month period, between Dec. 7 and March 10.

The breach impacted all of Hannaford's 165 stores in New England and New York state, and 106 Sweetbay stores in Florida.

One of the many institutions preparing to reissue credit cards is the Maine State Employees Credit Union in Augusta. A statement on its Web site noted that the credit union has received "several notifications" about the breach from Visa. The credit union said it has been notified by Visa that approximately 6,000 out of the 8,000 Visa cards and 9,100 of the Visa debit cards the credit union has issued so far appear to have been compromised by the Hannaford breach. So far no fraud seems to have occurred as a result of the breach, the credit union said.

Another institution, The Town & Country Federal Credit Union in South Portland, Maine, said in a statement on its Web site that it would be replacing about 8,000 Visa debit cards after Visa informed it that those cards had been affected by the Hannaford breach. At this time, it has no information on individual accounts being fraudulently used as a result of the compromise, the statement added.

In a letter to affected members, The University Credit Union in Orono, Maine, characterized the Hannaford breach as an intrusion on "PIN-based transactions" that had compromised some of the credit union's Visa debit cards. The credit union noted that it will be sending out new cards and PIN numbers to affected members and informed them that their current cards would be deactivated three weeks after the new cards were mailed out.

Ironically, the Hannaford Associates Federal Credit Union itself appears to have been untouched by the breach. A statement on the credit union's Web site mentioned the breach but assured members that they were unaffected by it.

"Please be assured that the credit union's debit and credit cards are protected by neural networks that monitor all plastic card usage for potential fraud," the statement said.

Copyright © 2008 IDG Communications, Inc.

  
Shop Tech Products at Amazon