Beep. Beep. Beep. That’s the sound of your groceries scanning at the supermarket. What you might not recognize is that when you go to pay for your groceries, you may be putting yourself at risk. If you live in New England or down in Florida, you need to check where you’ve been shopping. The chain Hannaford Bros. announced that it recently suffered a data breach that resulted in the theft of 4.2 million credit and debit account numbers.

The apparent cause of the problem was a system that illegally accessed the data while it was being transferred to the credit companies and banks for validation. While an encryption system had been in place before the attack, it proved to not be effective against these persistent data breaches. After finding out about the breach, Hannaford Bros. instituted stricter policies for the validation process. All systems associated with the grocery chain now have a level of encryption and security higher than the national average and stronger than required by the industry.

As investigations continue on the data breach, it appears that the breach began in late 2007, but was not discovered until recently. Company officials have not volunteered any information about why it took so long to identify the problem. Even after learning about the problem, it still took over a month before Hannaford Bros. was able to contain the breach. Within that time period, they did not alert any of their consumers which has raised questions about their handling of the situation. If individuals had known that their important data had been stolen, they could have purchased a membership for some sort of ID theft service, such as Lifelock. While investigations continue into the party, or parties, responsible for the breach, Hannaford Bros. maintains that its customers should feel safe in shopping and using credit cards at the store.

Between December 2007 and the present, there have been 1,800 cases of fraud related to the stolen credit and debit card numbers. Although the company states that no personal data was accessed during the breach, their investigation of the matter is still in progress. Customers of Hannaford Bros. would be wise to check all of their bank accounts for unauthorized withdrawals or fraudulent activity on their credit card statements for the last few months. If someone has been a victim of fraud, they should look into purchasing Lifelock, or another ID theft system. Checking your credit reports is also a suggested step in recovering from fraudulent activity.

While Hannaford Bros. attempts to win its customers back over, other companies throughout the northeast have been put on alert. The Massachusetts Bankers Association (MBA) put out a press release, letting the public know that they should be aware of the large data breach. While they did not initially recognize Hannaford Bros. as the “major retailer” in the report, the MBA was later able to verify that the grocery chain’s verification system was at the center of the problem.

It was revealed today that Pfizer might be in trouble again after they reported another potential data breach–this one affecting over 13,000 company employees. Like several other recent id thefts, this one was initiated by the theft of a company laptop that contained employee records. On the bright side, this time, was that there weren’t any social security numbers stored on the stolen laptop.

An employee was quoted as saying, “How many … times does this have to happen before someone figures out that the people being given access to this info are clearly incompetent and incapable of keeping it secure?”. I’ll go ahead and answer that for you–a LOT. This seems to happen all the time and it’s not just Pfizer that has some incompetent people being charged with safeguarding the identities of their employees.

Although Pfizer has said they’re now going to start encrypting all laptops, this is hardly going to prevent similar problems from arising in the future–like their employee correctly pointed out, when the people in charge of ensuring the safe handling of information can’t be counted upon to be responsible in doing their jobs all of the encryption and upper-level decisions aren’t going to do any good at all. To be cliché about it, an ounce of prevention is worth a pound of cure, but when you can’t even get an ounce of prevention into the right hands…well, then you’re going to be paying for a lot more pounds of cure; tons of cure (if you will).

Now, Pfizer has coupled these efforts with mandatory training for both employees and contractors covering the importance of data security so they’re taking the right steps but shouldn’t they have done this before the first incident last year–or at least before the most recent breach? We all make mistakes, both as individuals and as corporations, but come on, we all have enough to worry about that having to expend our mental energy on having safe identities because we have a job is really just ridiculous.

Fortunately there are several identity theft companies that provide large-scale solutions for companies in situations like Pfizer including Lifelock and their main competitor, Debix. Lifelock has been called upon in many previous cases to put locks down on the credit of affected employees to ensure no harm comes from the theft of private data.