ESN 49033-080318-407463-19


Document Name: Hannaford Security Breach
Document Description: Hannaford security breach hits home

Hannaford Security Breach


2008/03/18

We first discovered Hannaford in Western Mass. many years ago. We loved it immediately: they had the foods we wanted and their prices were better than the big name stores. We wished that they had a store near to us.

When we moved down to Middleboro two years ago we were delighted to find a Hannaford's here. It's a smaller store, but we find what we want and again the prices are good. We really like Hannaford.

Ah, but then this big credit card mess: "New retail data breach may have affected millions of Hannaford shoppers". That's upsetting, and as Geeks Are Sexy pointed out, the way Hannaford presented its response might indicate a weak IT department.

However, we don't even know if it really was a "data breach". If Hannaford doesn't have a strong CIO, I certainly don't trust that the President or VP of Marketing has any real clue as to what really happened. For all we know, this was an inside job: someone inside their data center could have passed credit card info out or arranged an open door. This could easily have been an "invitation" rather than a breach.

Hannaford's day of shame will pass. They'll hire a CIO or at least a good outside consultant and they will shore up their defenses. But what worries me is that there are a lot of "Hannafords" out there: companies who are large enough to have data worth stealing but small enough that they may not have good security controls in place. I could spit out a few dozen names without even thinking hard: you probably drive by many just like this every day. Small chains, often regional, competing hard against their national counterparts: how many do you think have strong IT departments? I'd guess that not many do.. and that worries me, particularly as we slide toward economic hard times: when the going gets tough, criminals have even more reason to look for prey, and isn't IT often quite vulnerable to layoffs and cutbacks? You betcha: the VP of marketing probably sees IT as mostly fluff anyway.. they don't bring in money, right?

My bet is that we'll see more of this.. unfortunately.


Author: Anthony Lawrence
Publisher: Anthony Lawrence
Licensee Name: Anthony Lawrence
Reference URL: http://aplawrence.com/Security/hannaford.html
Copyright: All Rights Reserved
Registration Date: 3/18/2008 11:24:24 PM UTC