Hannaford's chain of supermarkets in the US has lost up to 4.2 million customer records.
A Hannaford's employee told ZDNet.co.uk on Tuesday that 2000 of the compromised customer credit and debit card details have been used in fraudulent transactions, and confirmed that it may have lost up to 4.2 million details.
In a press release posted on its site on Tuesday, the New England company said it had lost the details during wireless card transactions.
"The stolen data was limited to credit and debit card numbers and expiration dates, and was illegally accessed from our computer systems during transmission of card authorization," said the release.
When I rang Hannaford's, one of their employees told me that the breach had extended from 7 December until 10 March.
"We had 4.2 million transactions during that time frame," said the employee. "We don't know how many cards were affected. We've definitely had a lot of worried customers." The employee added that no customer names had been associated with their credit card details.
The details appear to have been lost in a similar manner to the 45 million details lost by retailer TJX, which used WEP to encrypt its wireless transactions.