The news that Hannaford Bros. is the victim of fraud, including the pilfering of more than 4 million customer credit card numbers, is a devastating blow to the sense of security consumers should have about their financial information.

Most of us who carry credit or debit cards know and take security precautions; after all, the threat of identity theft or fraud is an omnipresent – and not exactly new – concept. We keep our Internet shopping confined to reliable, secure sources, and shred the credit offers that overflow our mailboxes, lest they be misused.

In short, we know our credit card information is a black market commodity. Enough television commercials, public information campaigns and “Hey, have you heard what happened to” conversations have occurred for consumers to wise up to the threat.

Then something like the Hannaford breach occurs: The local grocery store, which doesn’t have a retail Web site for maleficent hackers to mine financial gold. The person or persons who stole credit card numbers did so as transactions were processed.

Writing on washingtonpost.com, computer security blogger Brian Krebs says the Hannaford breach could have even started at the cash register, which means financial information data might have been stolen before the consumer, or their information, even left the building.

Hannaford maintains it complied with all safeguards prescribed by credit card associations, says Krebs. And yet, hackers still broke into the system and purloined millions of numbers, from an innocuous source – a grocery store chain regularly visited by millions of consumers from Maine to Florida.

What’s more frightening, Krebs reported, is the Hannaford breach could foreshadow a tumultuous year, in which consumers experience a new credit crisis regarding the protection of their personal information.

And there’s little lawmakers or government agencies can do but clean up afterward. Maine’s Legislature has enacted several identity theft provisions, with several more now before lawmakers. More are necessary, as officials realize Maine’s laws reference personal identity theft, not the brazen wholesale lifting of numbers.

Now the crime has changed; the law must as well.

Hannaford could be held negligent, for failing to safeguard its credit card transactions. Some technology observers, such as Computerworld.com blogger Robert Mitchell, have faulted Hannaford for not encrypting all card information, even those processed on internal computer systems.

From a consumer perspective, its safest to assume larceny as the mother of invention. In our digital world, those bent on ill-gotten gains will go to great lengths to break computer security.

The lesson is simple: consumers must monitor their credit with vigilance, as hackers are staying a step ahead. Fraud and identity theft aren’t faraway concepts – it is happening in your local grocery store.

If it can happen at Hannaford, it can happen anywhere. Buyers must beware.