PORTLAND, Maine (AP) - Hannaford Bros. Co. says unauthorized software installed on the supermarket chain's internal servers enabled a massive data breach that compromised up to 4.2 million credit and debit cards.

The Maine-based grocer confirmed a report in The Boston Globe that it told Massachusetts regulators this week about the link to the illicit computer program.

Hannaford spokeswoman Carol Eleazer said the company doesn't know how the malicious software, known as malware, got on the servers.

The company has said that the data theft, which occurred between Dec. 7 and March 10, happened as shoppers swiped their cards at checkout line machines and the information was transmitted to banks for approval.