Hannaford Breach Included Clear Text Sent Via Fiber-Optic Cable

The Hannaford data breach included payment information that was partly encrypted and partly clear text—and it was all transmitted over a private fiber-optic cable, according to a Hannaford official quoted in the Wall Street Journal.

This information—on top of the reports that Trojan Horse software was installed on 300 servers in 300 Hannaford stores--is painting a picture of a retailer that seemed to be following accepted security procedures. The story reported that the cyber-thief created software "intercepted the information as it went back and forth over a cable to a transaction processor in Denver. It was then transmitted to an Internet service provider somewhere outside the U.S.," according to Hannaford marketing VP Carol Eleazer, who added that "it took a team of about 30 forensics experts and information technologists more than 10 days of round-the-clock troubleshooting to discover the malware."