Only those customers who weren’t reimbursed for fraudulent charges may sue the Hannaford Bros. supermarket chain over a data breach that exposed 4.2 million credit and debit card numbers to computer hackers, a federal judge has ruled.
The decision by U.S. District Judge D. Brock Hornby dismissed all but one of the civil claims brought after the data breach was revealed in March 2008.
Between Dec. 7, 2007, and March 10, 2008, hackers accessed card numbers used at 165 Hannaford stores in the Northeast and 106 Sweetbay stores in Florida. At least 1,800 numbers were stolen and used for unauthorized purchases, Hannaford officials have said.
Electronic payment processing services for all the transactions took place in Maine, where Hannaford is headquartered, and lawyers agreed in April that Maine law should apply. In his decision, Hornby state law allows consumers to recover damages “only if the merchant’s negligence caused a direct loss to the consumer’s account.”
“When a merchant is negligent in handling a customer’s electronic payment data and that negligence causes an unreimbursed fraudulent charge or debit against a customer’s account, the merchant is liable for that loss,” Hornby wrote. Not covered by state law, he wrote, were “collateral consequences.”
More than 20 lawsuits in Florida, Maine, New Hampshire, Massachusetts, New York and Vermont were consolidated into one case before Hornby. The judge’s decision tosses all complaints except one, from a Vermont woman who was not reimbursed for fraudulent charges.
The plaintiffs were critical of the way Hannaford handled the case. They say Hannaford learned on Feb. 27, 2008, that its system had been compromised and that Hannaford understood nature of the breach on March 8, but there was no public disclosure until March 17.
Hannaford was found to be in compliance with security standards required by the Payment Card Industry, a coalition founded by credit card companies.Even though it met industry standards, Hannaford has reviewed its procedures and taken additional steps to ensure there’s no repeat of the data breach, said Mike Norton, a spokesman at Hannaford’s headquarters in Scarborough, outside Portland.
Topics Cyber Legislation Claims Maine
Was this article valuable?
Here are more articles you may enjoy.
Downward Spiral: Florida Insurance Agent Charged with Embezzlement After Lawsuits 
Can a Streaming Service Agreement Require Arbitration in a Food Allergy Death? 
Debby’s Florida Claims Already Near 12,000 as Yaworsky Says Market Is Strengthening 
California Commissioner Moves to Implement Insurance Rate Review Reforms From This Issue
