Attorneys representing Hannaford asked Judge D. Brock Hornby this week to dismiss the lawsuit, which comes from plaintiffs in multiple states, including Florida, Maine, and Pennsylvania. Hannaford attorneys argued that the plaintiffs whose accounts were abused got reimbursed by their card-issuing bank.
The plaintiffs' attorneys, meanwhile, asked the judge to allow the case to push forward as a class-action suit. If allowed to go to trial, the suit could award damages to potentially millions of Hannaford customers from various states who were affected by the breach.
Hornby will consider Hannaford's responsibility to its customers' data in the breach and whether it should be subject to legal action. "These are fascinating and difficult issues," Hornby reportedly said in court. He plans to provide his decision "soon," according to the report. Attorneys for the plaintiffs argued the timing of Hannaford's announcement of the breach -- allegedly three weeks after learning of the hack -- makes it liable.
"Rather than lose sales, it allowed customers to continue making purchases by debit and credit card, knowing that its electronic payments system was not secure, and that it was exposing these customers' accounts to fraud," wrote the attorneys in opposition to Hannaford's motion to dismiss the lawsuit.
Hannaford announced the breach on March 17, 2008, after discovering customers' debit and credit card data had been stolen during a three-month period.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.