Hannaford sent out a letter to Massachusetts regulators late last week. The letter, according to reports, stated that malicious software is to blame for the security breach.
The breach allows data from customers to be sent overseas. When customers paid with credit cards, their data was sent out before it was taken in by the cash register.
The security breach put 4.2 million customer credit cards at risk.
The Boston Globe has reported that this malware was installed on computer servers at 300 Hannaford locations.
The investigation continues now as they try to find out how the malware actually made it onto the servers.