Thieves Planted Malware on 300 Hannaford Servers
Since it made security magazines’ headlines, the Hannaford data breach that exposed 4.2 million credit card accounts still ranks high in the news. The question on everyone’s mind is how it could all happen. According to the latest article published by The Register on the topic, the thieves behind the breach installed a sophisticated malicious software on over 300 servers in at least 6 states belonging to the Hannaford grocery chain.
What the malware did was to intercept credit card data while customers paid for purchases using plastic and then transmit the information overseas. While Hannaford has disclosed the number of servers on which the malware has been detected, they are yet to disclose how it got there. Security experts are quite puzzled by this incident, as they regard Hannaford as a legal and standard compliant company.
Security experts have been eager to figure out how thieves siphoned the data out of Hannaford Brothers Cos. network because the company is believed to have been following payment card industry (PCI) rules. If the east coast chain’s systems were vulnerable, plenty of other retailers may be open to the same attack, the experts have warned.
