Data thieves broke into computers at supermarket chains Hannaford Brothers and Sweetbay, stealing an estimated 4.2 million credit and debit card numbers, Hannaford said Monday.

"The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization," said Hannaford CEO Ron Hodge, in a statement posted to the company's Web site.

Hannaford became aware of the theft on Feb. 27, following reports of suspicious credit card activity. The crime, which occurred some time between December and March, is one of the largest reported data thefts from a retailer in U.S. history.

"Somebody hacked into their system," said Mark Walker, vice president and counsel with the Maine Bankers Association, which started informing its 15 member banks of the breach last Friday.

Although only credit and debit card numbers were stolen -- not names or addresses -- Walker said that some cases of identity theft had been associated with the incident.

The Associated Press reported Monday that more than 1,800 cases of fraud had been linked to the theft, which affects 4.2 million credit and debit card numbers.

That's far fewer account numbers than in the nation's largest retail data theft. In 2005, hackers gained access to computer systems at Massachusetts-based TJX Companies, owners of T.J.Maxx, Marshalls and Bob's Stores. That breach affected more than 94 million credit and debit card accounts.

Hannaford is owned by Belgian supermarket giant Delhaize Group, which operates about 1,500 stores in the eastern U.S. In addition to Hannaford Brothers, it owns Food Lion, Bloom, Bottom Dollar, Harveys, Kash n' Karry and Sweetbay grocery stores.

Hannaford stores in New England and New York state were hit with the theft, as were the company's Sweetbay stores in Florida, according to the Hannaford Web site. The company warned that some independent retail locations in the Northeast that carry Hannaford products were also affected.

Close to 70 Massachusetts banks have been contacted by Visa and MasterCard about the incident, which occurred between December and March, the Massachusetts Bankers Association (MBA) said Monday in a statement.

"The MBA estimates that hundreds of thousands of credit and debit cards owned by consumers in Massachusetts and northern New England states could be affected, and is urging consumers to monitor their accounts," the bankers association said.

The IDG News Service is a Network World affiliate.

Whitepapers

• The Trend from UNIX to Linux in SAP(r) Data Centers
• Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
• How to Offer the Strongest SSL Encryption
• Maximizing Site Visitor Trust Using Extended Validation SSL
• Seven Steps to Reducing your Security Risk
• The Latest Advancements in SSL Technology

View more SECURITY whitepapers

Webcasts

• The Secure Web Gateway. Mission Critical For Business - Webcast
• Mobile Data Security
• Best Practices for Deploying WAN Optimization for Disaster Recovery
• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• The self-managed network

View more SECURITY special reports