Make us your home page

After data theft, Sweetbay upgrades security

Sweetbay Supermarket and its New England parent are pouring millions into "industrial strength" security after reporting a big data breach March 17.

"This has been the most challenging time in our 100-year history and certainly in my tenure here," said Ron Hodge, chief executive of Hannaford Bros., who also oversees Sweetbay for Belgian owners DelHaize Group.

The breach at 106 Sweetbay stores in Florida and 165 Hannaford Bros. stores in New England lasted from Dec. 7 through March 10.

About 4.2-million debit and credit card numbers were compromised, including 1.6-million on Florida's west coast. So far, 1,800 reports of attempted fraud were reported, but card issuers Visa and MasterCard decline to update the count.

Hodge outlined corrective action in a conference call Tuesday but declined to address the criminal investigation, who's going to pay card issuer losses, or nine privacy lawsuits filed on behalf of customers.

He said the grocer now encrypts all payment data starting at the checkout after adding firewalls, software fixes and around-the-clock monitoring. Infected servers already were replaced, but other installation will take months. The bill has not hit $10-million.

"It hurts to take out perfectly good hardware, but we're replacing the card readers at every store," said Bill Homa, Hannaford chief information officer. "At $5,000 a store, it adds up quickly."

The chain's sales have not suffered since the breach was disclosed, Hodge said.

The company learned of the breach Feb. 27 after Visa refused a string of unauthorized transactions. Hannaford assigned a team of forensic data security experts to pinpoint the leaks. A patch was installed March 10.

Card issuers, however, continue issuing new card numbers regarded as at risk or on customer request. SunTrust Banks and Achieva Federal Credit Union mailed replacement cards as recently as last week, but bankers say cases of fraud are not widespread.

"We have not reissued a card or had a case of fraud reported," said Bucky Sebastian, chief executive of the GTE Federal Credit Union in Tampa, which has 205,000 members.

"The problems were more up North."

Meanwhile, a similar hack that comprised 46,000 cards in February was reported by Okemo Mountain Resort ski area in Ludlow, Vt.

Both represent a new type of hack attack. In the few publicly disclosed breaches by retailers such as TJMaxx/Marshalls, hackers tapped a company database.

This time they installed "malware," or malicious software, in store servers that intercepted card authorization messages between the checkout and banks.

The hackers transmitted batches of stolen numbers and expiration dates to an offshore Internet Service Provider. They did not get Personal Identification Numbers, known as PINs, Homa said.

Typically, hackers sell card numbers to thieves who try to convert them to cash. So far all the fraud disclosed involved unauthorized purchases. No case of attempted identify fraud — using personal information to create a duplicate identity to open new accounts — has surfaced.

Meanwhile, class action suits seeking damages and free credit monitoring services for affected customers are moving through the court system. All nine suits, including one filed in a state court in Tampa, are being consolidated in federal court while judges decide where to hear the case.

Mark Albright can be reached at or
(727) 893-8252.

After data theft, Sweetbay upgrades security 04/22/08 [Last modified: Thursday, April 24, 2008 10:37am]
Photo reprints | Article reprints

© 2017 Tampa Bay Times


Join the discussion: Click to view comments, add yours

  1. Last steel beam marks construction milestone for Tom and Mary James' museum


    ST. PETERSBURG — Tom and Mary James on Wednesday signed their names to the last steel beam framing the 105-ton stone mesa that will be built at the entrance of the museum that bears their name: the James Museum of Western and Wildlife Art.

    The topping-out ceremony of the James Museum of Western & Wildlife Art was held Wednesday morning in downtown St. Petersburg. Mary James (from left), husband Tom and Mayor Rick Kriseman signed the final beam before it was put into place. When finished, the $55 million museum at 100 Central Ave. will hold up to 500 pieces of the couple's 3,000-piece art collection. [Courtesy of James Museum of Western & Wildlife Art]
  2. Heights Public Market to host two Tampa Bay food trucks


    TAMPA — The Heights Public Market announced the first two food trucks for its "rotating stall," which will feature new restaurants every four months. Surf and Turf and Empamamas will be rolled out first.

    Heights Public Market is opening this summer inside the Tampa Armature Works building.
[SKIP O'ROURKE   |   Times file photo]

  3. Author Randy Wayne White could open St. Pete's biggest restaurant on the pier

    Food & Dining

    ST. PETERSBURG — The story begins with Yucatan shrimp.

    St. Petersburg Deputy Mayor Kanika Tomalin, pilot Mark Futch, Boca Grande, St. Petersburg Mayor Rick Kriseman, and author and businessman Randy Wayne White,  Sanibel, exit a Maule Super Rocket seaplane after taking a fight around Tampa Bay off the St. Petersburg waterfront, 6/28/17.  White and his business partners are in negotiations with the City of St. Petersburg to build a fourth Doc Ford's Rum Bar & Grille on the approach to the St. Petersburg Pier with a second event space on the pier according to White. The group met near Spa Beach after a ground breaking ceremony for the new pier. "We want to have our business open by the time the pier opens," said White. Other Dr. Ford restaurants are located on Sanibel, Captiva and Ft. Myers Beach. SCOTT KEELER   |   Times
  4. Guilty plea for WellCare Health Plans former counsel Thaddeus Bereday


    Former WellCare Health Plans general counsel Thaddeus M.S. Bereday pleaded guilty to one count of making a false statement to the Florida Medicaid program, and faces a maximum penalty of five years in federal prison. A sentencing date has not yet been set, acting U.S. Attorney W. Stephen Muldrow of the Middle District …

    WellCare Health Plans former general counsel Thaddeus M.S. Bereday, pleaded guilty to one count of making a false statement to the Florida Medicaid program, and faces a maximum penalty of five years in federal prison. A sentencing date has not yet been set, acting U.S. Attorney W. Stephen Muldrow of the Middle District of Florida stated Wednesday. [LinkedIn handout]
  5. DOT shows alternatives to former Tampa Bay Express toll lanes


    TAMPA — State transportation officials are evaluating at least a half-dozen alternatives to the controversial Tampa Bay interstate plan that they will workshop with the community over the next 18 months.

    Florida Department of Transportation consultant Brad Flom explains potential alternatives to adding toll lanes to Interstate 275 during a meeting Wednesday at the DOT’s Tampa office. Flom presented seven diagrams, all of which swapped toll lanes for transit, such as light rail or express bus, in the I-275 corridor from downtown Tampa to Bearss Avenue.