Hannaford Breach: Federal Judge Dismisses All But One Claim

No Allowance for 'Ordinary Frustrations and Inconveniences' The federal judge who heard the collective civil claims filed against the Hannaford Bros. supermarket chain issued his opinion on the 21 claims on Tuesday in Portland, ME. All but one of the 21 civil claims filed against the supermarket giant for alleged failure to protect consumers during the company's network breach in late 2007 and early 2008 were tossed.

U.S. District Court Judge Brock Hornby in his 39-page ruling states the only consumers who will be allowed to proceed with the lawsuit were those who were not reimbursed by their banks for the fraudulent charges on their credit cards.

Consumers who were simply inconvenienced or claimed to have suffered distress because of the data breach have no legitimate claims in this case, says Hornby. This ruling eliminates the changes that any class-action lawsuit would move forward.

"There is no way to value and recompense the time and effort that consumers spent in reconstituting their bill-paying arrangements or talking to bank representatives to explain what charges were fraudulent," writes Hornby.

"Those are the ordinary frustrations and inconveniences that everyone confronts in daily life with or without fraud or negligence. Maine law requires that there be a way to attach a monetary value to a claimed loss. These fail that requirement," he states.

When the breach occurred between December 2007 and March 2008, hackers got an estimated 4 million credit card and debit card numbers. By the time Hannaford announced the breach on March 17 there were 1,800 fraudulent charges made.

Consumers from several states filed lawsuits against the supermarket chain seeking damages for the lost time and money spent dealing with the credit card theft. Those lawsuits were consolidated in 2008 into one compliant with the 21 plaintiffs that were heard at the U.S. District Court in Portland, ME.

Hornby's ruling eliminated the complaints from all but one plaintiff, Pamela Lamotte of Colchester, VT. Her bank did not reverse the fraud charges made by the Hannaford hackers. The remaining 20 plaintiffs claims for damages ranged from emotional distress to incidental personal costs incurred because of the breach.

Lamotte will be allowed to proceed with her suit against Hannaford for alleged breach of contract, negligence and violation of Maine's Unfair Trade Policies Act.

In his ruling, Hornby explains his job was to apply Maine law to the complaint, not expand upon it. "The plaintiffs ask me to conclude that this new area of electronic data theft is rife with risk and damage, calling for a new common law remedy," Hornby states. "Such an expansion of Maine law is for the Maine Law Court or the Legislature, not for me as a federal judge."

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.