Wednesday, April 23, 2014
The latest computer breach to grab headlines happened close to home. Scarborough-based Hannaford Bros. says that millions of its customers' credit card numbers and expiration dates have been compromised at its supermarkets in Maine elsewhere.
Thousands of fraudulent charges are the result, and Hannaford is suffering through a nightmarish publicity debacle, with fuming consumers venting on the evening news. Lawsuits are following, and banks and credit unions are scrambling to assess the damage, put insured accounts right and reissue cards.
Already the second-guessing has begun, and Hannaford is coming in for its share of criticism and scrutiny.
But behind its actions are state and federal laws meant to protect consumers and provide a road map for retailers in the event their security is breached.
William Lund, director of the Maine Office of Consumer Credit Regulation, says the Hannaford incident has brought to light weaknesses in state law when it comes to credit card theft.
For one thing, the reporting requirements for Hannaford were not clear. The law says notification must be given -- key to alerting consumers of a possible problem -- when personal ''identifying'' information is released. In the Hannaford case, only numbers and expiration dates were stolen, not names or addresses.
The law also focuses on computer hackers but doesn't cover data lost to stolen paper records. Nor are there firm guidelines about how promptly a retailer must report a problem.
Every other year, the Legislature meets in a supposedly ''short'' session during which only ''emergency'' legislation is to be heard. Those requirements often get stretched, but given the scope of this incident, one would think tightening Maine's credit card data laws would qualify as an emergency.