The data thefts can be hard to detect because often the stolen information is spirited out of a company via open network ports -- such as Port 80, which is used for online connections and serving up Web pages, or Port 443, which can be used to send secure communications over the Web.
Schwartz said that many companies don't even monitor those ports, assuming instead that all of the data traffic going out through them is legitimate.
Network managers should be watching the ports "for nonstandard traffic," he added. "If traffic is destined for Romania, and it's [using] Port 443, and it's not SSL traffic, that's a red flag -- and you should see it in minutes, not months."
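Schwartz's heuristic, checking whether what leaves on a web port actually looks like that port's protocol, can be turned into a small offline check. The code below is an added example and is not from the article; the Flow records, addresses and payload bytes are constructed, and in practice the first bytes of each outbound connection would come from a flow sensor or packet capture.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A TLS connection opens with a record whose first byte is the content type
# (0x16 = handshake), then the version (0x03 0x0x), a two-byte length, and
# the handshake type (0x01 = ClientHello). Anything else on 443 is nonstandard.
TLS_HANDSHAKE = 0x16
CLIENT_HELLO = 0x01
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

@dataclass
class Flow:
    """One outbound connection and the first bytes the internal client sent."""
    src: str
    dst: str
    dst_port: int
    first_bytes: bytes

def looks_like_tls_client_hello(payload: bytes) -> bool:
    """True if the payload starts with a plausible TLS ClientHello record."""
    if len(payload) < 6:  # too short for a record header plus handshake type
        return False
    return (payload[0] == TLS_HANDSHAKE and payload[1] == 0x03
            and payload[5] == CLIENT_HELLO)

def looks_like_http_request(payload: bytes) -> bool:
    """True if the payload starts with an HTTP request line."""
    return payload.startswith(HTTP_METHODS)

def classify(flow: Flow) -> Optional[str]:
    """Return a reason when the traffic does not match the port's usual protocol."""
    if flow.dst_port == 443 and not looks_like_tls_client_hello(flow.first_bytes):
        return "non-TLS traffic on port 443"
    if flow.dst_port == 80 and not looks_like_http_request(flow.first_bytes):
        return "non-HTTP traffic on port 80"
    return None

def suspicious_flows(flows: List[Flow]) -> List[Tuple[str, int, str]]:
    """Every flow worth an analyst's attention: destination, port and reason."""
    return [(f.dst, f.dst_port, r) for f in flows if (r := classify(f)) is not None]

# Constructed sample flows (addresses and payloads are made up for this example).
SAMPLE_FLOWS = [
    Flow("10.0.1.5", "203.0.113.10", 443, bytes.fromhex("16030100a5010000a10303")),
    Flow("10.0.1.7", "198.51.100.20", 443, b"batch-0042: 16 records\n"),  # plaintext on 443
    Flow("10.0.1.9", "203.0.113.30", 80, b"GET /index.html HTTP/1.1\r\n"),
    Flow("10.0.1.9", "198.51.100.40", 80, b"SSH-2.0-OpenSSH_8.9\r\n"),  # not HTTP on 80
    Flow("10.0.1.7", "198.51.100.20", 443, b"\x16\x03"),  # too short to be a ClientHello
]
```

Matching only the first bytes catches plaintext pushed straight out through a web port, which is the case Schwartz describes; it does not catch data hidden inside a genuine TLS session, which needs destination- or volume-based monitoring on top.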
Based on what's known about the Hannaford and Okemo breaches, it isn't clear whether they really do point to a new method of attack, said Deven Bhatt, director of corporate security at Airline Reporting. But he added that ARC, which provides ticket distribution and financial settlement services to more than 150 airlines and rail carriers, is reviewing its networks to make sure they aren't vulnerable to data-in-transit thefts.
ARC's review was prompted by Okemo's disclosure that its systems had been breached in a Hannaford-like fashion and by the reports that other companies may have been similarly attacked. Bhatt noted that ARC is fully compliant with the PCI requirements.
But Hannaford has made the same claim and yet was the victim of a data breach.
Chris Andrew, vice president of security technology at software vendor Lumension Security, said the grocer's network obviously wasn't locked down tight, as evidenced by the fact that the malware was able to send the stolen data overseas.
"Clearly," he added, "there was a pathway back out of the network that Hannaford should have closed."