March 17, 2010

Hannaford breach highlights weakness in Maine law

— In an age of fast-changing technology, keeping both security measures and laws ahead of the thieves is proving a challenge.

The latest computer breach to grab headlines happened close to home. Scarborough-based Hannaford Bros. says that millions of its customers' credit card numbers and expiration dates have been compromised at its supermarkets in Maine elsewhere.

Thousands of fraudulent charges are the result, and Hannaford is suffering through a nightmarish publicity debacle, with fuming consumers venting on the evening news. Lawsuits are following, and banks and credit unions are scrambling to assess the damage, put insured accounts right and reissue cards.

Already the second-guessing has begun, and Hannaford is coming in for its share of criticism and scrutiny.

But behind its actions are state and federal laws meant to protect consumers and provide a road map for retailers in the event their security is breached.

William Lund, director of the Maine Office of Consumer Credit Regulation, says the Hannaford incident has brought to light weaknesses in state law when it comes to credit card theft.

For one thing, the reporting requirements for Hannaford were not clear. The law says notification must be given -- key to alerting consumers of a possible problem -- when personal ''identifying'' information is released. In the Hannaford case, only numbers and expiration dates were stolen, not names or addresses.

The law also focuses on computer hackers but doesn't cover data lost to stolen paper records. Nor are there firm guidelines about how promptly a retailer must report a problem.

Every other year, the Legislature meets in a supposedly ''short'' session during which only ''emergency'' legislation is to be heard. Those requirements often get stretched, but given the scope of this incident, one would think tightening Maine's credit card data laws would qualify as an emergency.

Were you interviewed for this story? If so, please fill out our accuracy form

Send question/comment to the editors

Further Discussion

Here at we value our readers and are committed to growing our community by encouraging you to add to the discussion. To ensure conscientious dialogue we have implemented a strict no-bullying policy. To participate, you must follow our Terms of Use.

Questions about the article? Add them below and we’ll try to answer them or do a follow-up post as soon as we can. Technical problems? Email them to us with an exact description of the problem. Make sure to include:
  • Type of computer or mobile device your are using
  • Exact operating system and browser you are viewing the site on (TIP: You can easily determine your operating system here.)