[Dataloss] follow-up: Advanced tactic targeted grocer - 'Malware' stole Hannaford data

[security curmudgeon]

[Software was installed at each of the roughly 300 stores.. i'm sure we'd
  all love to know how that happened. I have a feeling the bad guys didn't
  compromise all 300 machines. - jericho]


http://www.boston.com/news/local/articles/2008/03/28/advanced_tactic_targeted_grocer/

A massive data breach at Hannaford Brothers Cos. was caused by a "new and 
sophisticated" method in which software was secretly installed on servers 
at every one of its grocery stores, the company told Massachusetts 
regulators this week.

The unauthorized intrusion the company disclosed on March 17 stemmed from 
software that intercepted card data from customers as they paid with 
plastic at store checkout counters, and sent the data overseas, 
Hannaford's top lawyer said in a letter sent to Attorney General Martha 
Coakley and Governor Deval Patrick's Office of Consumer Affairs and 
Business Regulation.

The software was installed on computer servers at each of the roughly 300 
stores operated by Hannaford and its partners. Hannaford did not say how 
the software might have been placed on so many servers, and company 
spokeswoman Carol Eleazer said the company continues to investigate how 
the software was installed and other specifics of the breach. The Secret 
Service, which pursues currency crimes, is conducting its own 
investigation.

[..]