“Mop up on aisle eight.”

Well, no, not really. But for local banks and credit unions, the cleanup of last week’s security breach at Hannaford has been a costly headache. Staffs are knee-deep in credit-and-debit-card forms for customers whose cards were compromised in the breach that affected thousands of Mainers.

“It’s a large project, but we have to do what’s right for our members,” said Phil Moreau, president of Rainbow Credit Union, which is in the midst of re-issuing 4,100 cards – all of them compromised in the breach.

Eight or nine staffers have been working since the middle of last week trying to process the applications, and other additional staff were called in to handle phone calls that flooded the area’s biggest credit union when news of the breach broke. About 4.2 million cards used at Hannaford stores in the Northeast and Sweetbay stores in Florida were affected. Of those, about 1,800 have had detectable fraud.

“Between the costs of re-issuing, the postage, the extra work … it’s sizable,” Moreau said. “We’re at $20,000-plus.”

Officials at the credit union decided to issue new cards to all customers with compromised accounts. Other financial institutions, such as Norway Savings Bank, are replacing cards per customer request.

“We took the approach not to do a mass re-issue,” said Holly Young, executive vice president at the bank.

Her reasons were two fold: Norway Savings Bank only issues debit cards, not credit cards, and most of the fraud detected from the breach were in credit card accounts. And the software her bank uses to monitor for fraud is exceptionally good.

“We want customers to trust the system,” she said. About 1,000 customers have requested new cards of the 7,000 that were compromised by the breach. The bank has 20,000 debit cards overall.

Chris Pinkham, president of Maine Association of Community Banks, said it’s too soon to tell what the financial fallout will be overall from the breach.

“It’s very substantial,” he said, noting that the cost of reissuing cards, PIN numbers, and security protocols is labor intensive. If there’s any good news, it’s that the worst of the clean-up is behind banks and credit unions, which were “just buried” with phone calls from worried customers last week.

For Jim Delamater, president of Northeast Bank, the costs associated with protecting accounts from electronic fraud continues to mount.

“Clearly this is becoming a cost of doing business that any bank could not have anticipated when they built their budgets last year,” said Delamater, who estimates his bank will spend about $50,000 re-issuing cards at customer requests, and in the outreach efforts the bank made to reassure clients that their accounts were safe. “These are the kinds of overhead expenses that are hard to predict.”

Rachel Caron, executive vice president at Maine Family Credit Union, knows just what he means. The credit union is re-issuing 4,000 cards that were compromised. For some members, it will be the third new card issued because of retail breaches.

“Some members were caught in the TJ Maxx (breach) last year,” she said.

That retailer paid New England financial institutions more than $40 million after its computer system was hacked and data stolen. Moreau of Rainbow said the TJ Maxx payment amounted to about 10 cents on the dollar of the credit union’s costs.

Young said there’s a lesson there for retailers to learn.

“All retailers and corporations like Hannaford really have to step up and have security be No. 1,” she said. “It’s critical that they make sure their systems are secured.”

She estimates Norway Savings Bank has spent about $8,000 in dealing with the latest breach. She hopes some of it can be recouped from Hannaford.

“I hope this will be a wake-up call to other retailers,” she said. “They have to secure their information … there are ways to do it.”