Stolen Data and Fraud: The Hannaford Brothers Data breach.(Instructor's Note)

By Clapper, Danial L. | Journal of the International Academy for Case Studies, December 15, 2010 | Go to article overview

Stolen Data and Fraud: The Hannaford Brothers Data breach.(Instructor's Note)


Clapper, Danial L., Journal of the International Academy for Case Studies


CASE DESCRIPTION

The primary subject matter in this case is an in-depth look at one of the most well known data breach victims of 2008: the Hannaford Brothers grocery chain. This case can be used as a short case illustrating how an organization can become a data breach victim, the type of data criminals are interested in stealing, how they use stolen data to commit fraud and the possible legal consequences of allowing confidential information to be stolen.

To facilitate a more in-depth analysis if desired, the case and discussion questions are grouped into the following dimensions: Credit card data and processes, Credit card fraud and Identity Theft, Technical details of how the criminals accomplished the data theft and the legal aspects of the lawsuits that resulted from the data breach. Any or all of these dimensions can be explored in more depth by either the entire class or different student groups.

The basic case has a difficulty level of one or two and is suitable for a general undergraduate business course. With a deeper exploration of one or more of the above dimensions the case could be used to better understand criminal data theft and fraud in an upper-level accounting or finance course. More time spent on how the data was stolen would be appropriate for an information security course, particularly with an emphasis on information technology. It could also be used in a business law or issues course to explore the legal environment surrounding data breaches, customer notification and possible legal consequences of a data breach. The basic case is designed to be taught in three class hours and is expected to require three hours of preparation by students.

CASE SYNOPSIS

Hannaford Brothers Company is a regional grocery company with stores throughout eastern United States. On March 17, 2008 Hannaford Brothers announced that it had been the victim of a malware attack it characterized as "new and sophisticated" which resulted in over 4.2 million credit and debit card numbers being compromised. In every one of its close to 300 grocery stores in Maine, Vermont, New Hampshire, Massachusetts, New York and Florida the malware had intercepted credit and debit card data after the customers swiped their card at the checkout counters. This stolen credit card data was fraudulently used in at least 1,800 cases in the U.S. as well as Mexico, Bulgaria and Italy. On March 19, 2008 an attorney in Maine filed a class-action lawsuit against Hannaford Brothers. Other lawsuits followed shortly.

This case explores one of the most notorious data breaches of 2008--a year which according to one report had more records compromised than the preceding four years combined. Students will learn how the data was stolen, how criminals used the stolen data to commit fraud, the security standards in place to protect data and the results of the lawsuits against Hannaford Brothers.

INSTRUCTORS' NOTES

Recommendations for Teaching Approaches

In the case typology suggested by Lynn (Lynn, 1999) this case is an "Illustrative Case". It illustrates how an organization--even when it's IT security meets industry standards--can fail to protect its customer's data when confronted with clever, high-tech criminals. Because it is an illustrative case it was designed to be used to explore a number of quite different dimensions of a data breach.

It is recommended to first discuss the timeline of the key events and responses for the data breach. That timeline is shown in the next section.

Next the instructor can explore any or all of the following dimensions: the nature of credit card data and the processes and entities involved in making a credit card purchase, how criminals use stolen data to commit fraud, how the criminals engineered the Hannaford Brothers data breach, and the legal issues Hannaford Brothers faced after publicizing its data breach. Although the case is self-contained, it is designed to allow instructors to drill down into any or all of these dimensions. …

The rest of this article is only available to active members of Questia

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items

Items saved from this article

This article has been saved
Highlights (0)
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

Citations (0)
Some of your citations are legacy items.

Any citation created before July 30, 2012 will labeled as a “Cited page.” New citations will be saved as cited passages, pages or articles.

We also added the ability to view new citations from your projects or the book or article where you created them.

Notes (0)
Bookmarks (0)

You have no saved items from this article

Project items include:
  • Saved book/article
  • Highlights
  • Quotes/citations
  • Notes
  • Bookmarks
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited article

Stolen Data and Fraud: The Hannaford Brothers Data breach.(Instructor's Note)
Settings

Settings

Typeface
Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Help
Full screen

matching results for page

    Questia reader help

    How to highlight and cite specific passages

    1. Click or tap the first word you want to select.
    2. Click or tap the last word you want to select, and you’ll see everything in between get selected.
    3. You’ll then get a menu of options like creating a highlight or a citation from that passage of text.

    OK, got it!

    Cited passage

    Style
    Citations are available only to our active members.
    Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

    1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

    Cited passage

    Thanks for trying Questia!

    Please continue trying out our research tools, but please note, full functionality is available only to our active members.

    Your work will be lost once you leave this Web page.

    Buy instant access to save your work.

    Already a member? Log in now.

    Oops!

    An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.