PORTLAND – Maine banks and credit unions could face greater exposure to theft of credit and debit card numbers from the Hannaford Bros. Co. data breach than from the far-larger TJX Cos. breach because of the concentration of Hannaford supermarkets in the state, an official said Friday.

Maine has 51 Hannaford supermarkets and another 19 independent markets that sell Hannaford products, compared with just 15 TJX-owned stores. And people tend to spend more in supermarkets since they’re often shopping there once or twice a week, said John Paradise of the Maine Credit Union League.

“Food is one of those things that everyone needs, so of course the pool of users in the state would be much larger,” Paradise said. “We’re still trying to get our arms around it and figure out what the whole scope of it is.”

Already, the 68 credit unions that belong to the Maine Credit Union League are reissuing upward of 100,000 credit and debit cards to try to limit the amount of fraud, Paradise said.

Hannaford, based in Scarborough, disclosed Monday that 4.2 million credit and debit cards were exposed during a data breach and that 1,800 of the cards had been used fraudulently. The data breach affects Hannaford stores in the Northeast and Sweetbay stores in Florida. Both are owned by Delhaize America.

So far, the scope of the breach pales in comparison to the TJX data breach involving at least 45 million credit and debit cards, along with card users’ personal information.

Mark Walker of Maine Bankers Association agreed Friday about the potential for exposure for Maine banks and credit unions. “Clearly there is more potential risk because almost every Maine resident has shopped at a Hannaford’s, and many of them use credit cards and debit cards,” he said.

But Walker remained hopeful that the amount of fraud would be low because of the type of data breach and the fact that the hackers didn’t get access to information beyond card numbers and expiration dates.

“So far, we haven’t seen a lot of fraud,” Walker said Friday. Some banks are reissuing cards, while others are taking a wait-and-see attitude, he added.

Hannaford first became aware of unusual credit card activity on Feb. 27. Investigators discovered that the data breach began on Dec. 7; it was contained on March 10.

Hannaford warned customers to watch their credit and debit card statements and alert authorities in the event of unusual transactions. It also told customers to beware of hoax e-mails and calls from people claiming to represent Hannaford and seeking to collect personal information.

But Massachusetts Attorney General Martha Coakley said Friday that consumers may want to take the additional steps of placing a fraud alert with one of the three major credit bureaus, ordering and examining credit reports, and contacting the fraud departments of card-issuing institutions.

She also encouraged consumers to consider placing a security freeze on their credit reports. The $5 cost is waived in the event of credit or debit card fraud.

The investigation was continuing Friday and Hannaford was still trying to sort out exactly what happened, said Carol Eleazer, Hannaford’s vice president for marketing.

“It was an attack and we don’t know who did it,” Eleazer said. “We don’t know if we’ll ever know. We’re all reeling from its effects.”