Many sources are reporting on a data breach in the US Hannaford retail chain where customer credit and debit card numbers were exposed by some sort of intrusion into their computer systems. Unfortunately, this kind of report is all too common.

What I find interesting is the message to their customers by their CEO. He states in part:

Hannaford has contained a data intrusion into its computer network that resulted in the theft of customer credit and debit card numbers. No personal information, such as names or addresses, was accessed. Hannaford doesn’t collect, know or keep any personally identifiable customer information from transactions.

We sincerely regret this intrusion into our systems, which we believe, are among the strongest in the industry. The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization.

So how are credit and debit card numbers not “personal information”?

Read a report on StorefronBacktalk

Read the Hannaford statement