Skip Maine state header navigation

Agencies | Online Services | Help

Skip First Level Navigation | Skip All Navigation

Maine.gov > PFR Home > Bureau of Financial Institutions > Consumer Services > Data Breach

Data Breach

Hannaford Supermarkets recently reported a data breach involving 4.2 million credit and debit card numbers.

How did the breach happen?

The Hannaford press release made available March 17, 2008 indicates that the security breach was due to an intrusion into the Hannaford computer network. The loss of customer information was not due to an intrusion or breach at the customers' banks or credit unions.

What role do banks and credit unions play when a retailer loses credit or debit card information?

Though banks and credit unions did not cause the Hannaford data breach, they bear much of the costs associated with any unauthorized transactions. Banks and credit unions will also take steps to monitor accounts and reissue account numbers if they determine that it is necessary to avoid fraud.

What laws protect me from losing money to fraud?

Federal and State laws give consumer certain rights regarding unauthorized electronic withdrawals or charges made with a debit or credit card.

Credit card protections
Credit card customers are protected by Regulation Z, a federal law that limits consumer’s losses to $50 per card.  In most cases, consumers who report fraudulent charges against their credit card are not held liable for those transactions. Consumers must dispute unauthorized charges within 60 days of the date an unauthorized charge appears on their statement.

Debit card protections 
When information contained on a debit card has been compromised by way of data breach, federal law provides that the consumer has sixty (60) days from when the bank or credit union sent the statement on which the unauthorized transaction appears, for the consumer to notify the bank or credit union about the unauthorized transaction. If the consumer fails to notify the bank or credit union of the unauthorized transaction within this time, the consumer is liable for the unauthorized transactions on their account. It is always very important for consumers to check their bank statements carefully. However, they should be especially vigilant now because of the recent Hannaford data breach.

If the consumer supplied their personal identification number to someone and transactions are completed, then the transactions are generally considered to have been authorized.

What should I do to protect myself?

  • Review your bank statement or credit card statement thoroughly as soon as you receive it. The initial breach took place in December 2007 so you should review statements back to that month.
  •  Notify your financial institution of any unauthorized transactions immediately. This can make a difference in your losses.

Most financial institutions offer access to your account online or by phone. You are not required to use these services, however, these features allow consumers to review transactions sooner.

 

In the event that you have further questions, please contact the Maine Bureau of Financial Institutions at

1 800-965-5235 or 207-624-8570.

Last Updated: June 30, 2009