News

Most Claims Dismissed in Hannaford Data Breach Suit

Without damages, there's no case, judge rules

By Jaikumar Vijayan, Computerworld

Page 2

From a legal standpoint, it shouldn't matter whether the fraudulent charges were reversed, or whether it cost money for someone to reinstate previously authorized credit or account numbers, Murray said. "We believe that they have all suffered actual damage," he said. "We don't believe there is any legal distinction between the ways fraudulent charges impacted the consumer."

The Hannaford opinion is similar to < href="http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=Security&articleId=9032778">several others involving data breaches in recent years. In August 2007, the U.S. Court of Appeals for the Seventh Circuit threw out a a proposed class-action lawsuit against Evansville, Ind.-based Old National Bancorp (ONB) involving a 2005 data-breach incident.

In June 2007, a U.S. District Court judge in Ohio dismissed class-action claims against Litton Loan Servicing LP over a breach involving personal data. In that case, the judge said that without actual identity theft occurring, the plaintiffs suffered only anticipated injury and therefore did not need to be compensated. In 2005, a federal judge threw out a lawsuit against TriWest Healthcare Alliance in Phoenix saying it was unclear whether any of the 500,000 records that were stolen had actually been accessed or used by thieves.