My close encounter with the Hannaford data breach

My debit card was one of the potentially 4.2 million exposed in the recent Hannaford data breach. Here’s part of the letter from my bank, the Savings Bank of Walpole.

I’ve thanked them privately, and want to thank them publicly as well, for being proactive and doing the right thing here. They’re dealing with fallout from a problem they didn’t create.

Details are still emerging, and we don’t yet have the full story. As the InfoWorld story notes, Hannaford’s servers might have been compromised by a remote exploit through the network, or by a local exploit made possible by unauthorized physical access.

In the aftermath, most of the usual defense-in-depth strategies are being rehashed, and that’s good. But one-time account numbers still aren’t on the radar screen, and I keep on wondering: Why not?

6 Comments

  1. I was a huge fan of the American Express one-time card numbers, and was disappointed to see them drop that feature several years ago. I used them all the time online, and especially when doing one-off purchases at merchants I didn’t have much history with.

    It looks like PayPal is offering a virtual debit card feature that acts as a MasterCard, though I haven’t been able to try it yet.

    It’s good to see institutions that are on the ball in these cases, because it still seems to be the exception.

  2. “I use one-time numbers exclusively for online transactions and things I send through the postal service.”

    Yep. So, what would it take to insert that protocol into the retail checkout scenario?
