Hannaford Data Breach Case Ruling Coming

A U.S. District Court judge will decide in the next few days whether the Hannaford Bros. data breach class action suit will go to trial.

Judge D. Brock Hornby heard final arguments on April 1 in the U.S. District Court, Portland, ME on the class action suit brought against the supermarket chain that had a data breach exposing more than 4 million credit and debit cards last March.

Hornby's pending ruling will decide if parts or all of the case will go to trial. Hannaford's attorneys asked the judge to dismiss the lawsuit, filed days after the breach was made public on March 17, 2008. Plaintiffs' attorneys requested Hornby certify the case as a class-action suit and go to trial.

The class action lawsuit poses questions as to the level of merchant responsibility to secure electronic data that is processed with every credit or debit card purchase. It also asks what should the consequences be when the data is taken by hackers.

Between December 7, 2007, and March 10, 2008, the supermarket's systems were breached by hackers who took credit and debit card numbers, expiration dates and PIN numbers from people shopping at Hannaford supermarkets. The grocery chain operates more than 200 stores under various names in New England, New York and Florida. Around 1,800 fraudulent transactions were made by the time Hannaford announced the breach.

Hornby said he will issue a written decision as soon as he can. His opinion on the case will be found here when it is issued. This class action combines several lawsuits that were filed against Hannaford last year.

The attorneys for the plaintiffs are asking for added damages, saying Hannaford allegedly was aware of the breach at least three weeks before the company made it public.

Hannaford's attorneys say the plaintiffs didn't suffer any actual damages, and those cardholders who lost money from the fraudulent charges were reimbursed by the issuing banks. Hannaford's lead attorney, Clifford Ruprecht says the system of protections by credit card companies, including Visa, make lawsuits like this class action unnecessary and waste court resources. Ruprecht says there is not a precedent for what the plaintiffs propose, and the problems and inconvenience of cancelling cards don't amount to the legal foundation for a class-action lawsuit.

One legal expert familiar with the case told BankInfoSecurity.com that he expects the judge to turn down the case. "There is a 60-40 chance that the case will be turned down," he said on Thursday. In his opinion, the legal team representing the class action doesn't have a strong enough case.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.