Hannaford Breach Liability Case

In a SANS post recently it said “A federal judge will soon decide if Hannaford Bros. can be held liable for damages stemming from a data security breach late 2007 and early 2008. The attackers stole details of more than 4 million credit and debit cards. Attorneys for Hannaford have asked that the lawsuit be dismissed, while attorneys for the plaintiff want the judge to certify the case as a class-action lawsuit and allow it to go to trial. The plaintiff’s legal team maintains that Hannaford knew of the breach for at least three weeks before disclosing it last March. Hannaford’s lead attorney said that none of the plaintiffs suffered any actual damages; those whose cards were used to make unauthorized transactions were reimbursed by their issuing banks, and that the inconvenience of time the affected customers spent cancelling compromised cards and obtaining new ones does not merit a lawsuit.”

I hope Hannaford wins this case. Certainly there are negligent companies that should have to deal with litigation, but I am not convinced that Hannaford is one of them. This seems like another case where as soon as someone gets breached, they feel they can slap a lawsuit to get some easy money. That is just a very slippery slope, especially for those of us who know that you can never be 100% secure. Breaches will happen. Could Hannaford have done more…yes. Everyone could. Do they deserve this type of litigation? I don’t think so. We shouldn’t be setting a precedence like that.

http://pressherald.mainetoday.com/story.php?id=248452