'Income Tax Return Identity Fraud' Scam Threatens Some Taxpayers' Refund And Stimulus Checks
Women More Likely Than Men To Give Passwords To Strangers For Chocolate

Hannaford Issues An Apology

Hannaford Brothers I recently read this Associated Press news story:

"Hannaford supermarket shoppers are getting an apology in their shopping bags for a security breach that was announced two weeks ago. CEO Ron Hodge sent a message to customers online and through leaflets left in grocery bags. In the note, he apologizes for the "concern and inconvenience" that was created when 4.2 million credit and debit cards were potentially compromised. At least 1,800 cases of fraud have been reported. He says Hannaford stopped the theft and brought in top security experts to help us guard against any further attacks."

Since I don't shop at Hannaford, I read Hodge's apology at the company's web site. ""Concern and inconvenience?" That seems to be an attempt to minimize a major data breach... to make it sound non-threatening or insignificant.

If your credit card number was stolen, then you probably got it replaced by your credit card issuer. Little problem there for consumers, but a major expense for credit card issuers.

If your debit card number was stolen, your bank probably issued a new checking account. There's the direct expense to the bank to issue a new checking account and debit card. There's also the time and work impact, since consumers have to set up their online banking with their new checking account. Plus, their bank may or may not have replaced any monies stolen from their checking account. I wouldn't describe that as "concern and inconvenience." And I doubt the identity theft victims view the incident as only a "concern and inconvenience."

At least Hodge had the good sense not to use in his statement the typical corporate double-speak (e.g., a lie) of "we have no indication that the personal data has been used for any improper purpose." There's no way to spin 1,800 fraud cases. Plus... theft is theft, and criminals will always attempt to use (or resell) stolen identity data.

The apology is nice but not enough. I understand a retailer's desire to do anything to get shoppers to continue shopping at their store. How about free credit monitoring and credit resolution for 10 years for identity theft victims? How about publication of Hannaford's revised data security processes so customers can feel confident about data security improvements so this doesn't happen again?

What a company does is more important than their words.

Apparantly, several consumers agree. There are several class-action lawsuits claiming Hannaford didn't do enough to protect consumers' personal data. From the Times Hearald-Record:

"Lawyers are seeking to consolidate about nine lawsuits into one federal class-action suit against Hannaford Bros... The motion to consolidate, which was filed in U.S. District Court in Bangor, Maine, on behalf of Greg Doherty and 'all others similarly situated,' charges Hannaford was negligent in not providing adequate data security and did not inform customers of the breach quickly enough. It seeks credit monitoring or similar protection, unspecified damages and attorneys' fees. Attorneys will have a better idea of the scope of damages when they nail down exactly how many card numbers were stolen, which may take some time, said Jon Lambiras, an attorney with the Philadelphia-based law firm Berger & Montague, one of several plaintiffs' firms involved in the lawsuit."

And, there are parallels to the TJ Maxx data breach:

"Hannaford's lack of proactivity is not unusual. Framingham, Mass.-based TJX, which owns stores such as TJ Maxx and Marshalls, offered no credit monitoring after a data breach exposed the personal information of some 45 million customers. It took a class-action lawsuit, filed by the same firm now suing Hannaford, to get credit monitoring."


Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.