damages, data breach, Hannaford, motion to dismiss Hannaford data breach payment card PCI DSS, payment card, PCI DSS
Federal Appeals Court Holds Identity Theft Insurance/Credit Monitoring Costs Constitute "Damages" in Hannaford Breach Case
By InfoLawGroup LLP on October 24, 2011
In a significant development that could materially increase the liability risk associated with payment card security breaches (and personal data security breaches, in general), the U.S. Court of Appeals 1st Circuit (the "Court of Appeals") held that payment card replacement fees and identity theft insurance/credit monitoring costs are adequately alleged as mitigation damages for purposes of negligence and an implied breach of contract claim. The decision in Hannaford could be a game changer in terms of the legal risk environment related to personal data breaches, and especially payment card breaches where fraud has been perpetrated. In this post, we summarize the key issues and holdings of the Court of Appeals.
damages, Hannaford, litigation, payment card, PCI DSS, security breach
"Damages" Last Stand - Maine Supreme Court Puts an End to the Hannaford Bros. Breach Suit
By InfoLawGroup LLP on September 22, 2010
The Maine Supreme Court has rendered its opinion on the "damages" issue in the Hannaford Bros. consumer security breach lawsuit. Again, the plaintiffs have been unable to establish that they suffered any harm as a result of the Hannaford security breach. Specifically, the Court ruled that "time and effort" alone spent to avoid or remediate reasonably foreseeable harm do not constitute "a cognizable injury for which damages may be recovered." In this blogpost we take a closer look at the Court's rationale.
ADCR, BJ, BJ Wholesale Club, Breach, card, Club, damages, doctrine, economic, economic loss doctrine, fraud, Hannaford, litigation, loss, Massachusetts, mastercard, negligence, payment, payment card, PCI DSS, PCI DSS litigation, retailers, TJX, unfair practices, unfair practices Massachusetts visa mastercard ADCR, visa, Wholesale
Massachusetts's Highest Court Delivers BJ Wholesalers (and other Retailers) a Data Breach Liability Gift
By InfoLawGroup LLP on December 23, 2009
class action, FTC, Hannaford, malware, negligence, security breach litigation, SQL injection, State case law
Merchant Liability for "Time and Effort" Following Security Breach?
By W. Scott Blackmer on October 09, 2009
This week the federal court in the Hannaford class action asked the highest court in Maine to clarify whether cardholders' "loss of time and effort" are sufficient injuries to ground a negligence claim following a payment card security breach.
credit cards, Hannaford
Who is Minding the Legal Risk Around PCI?
By InfoLawGroup LLP on April 02, 2009
Hannaford
PCI: "Follow the Standards to the Letter"
By InfoLawGroup LLP on April 10, 2008
Hannaford
More Evidence of Hannaford-like Exploits?
By InfoLawGroup LLP on April 03, 2008
Breach, Hannaford
PCI, "Safe Harbor" and Hannaford
By InfoLawGroup LLP on March 28, 2008
Hannaford
Hannaford Class Action Update
By InfoLawGroup LLP on March 24, 2008
Hannaford, information security law
Article Exploring PCI-related Risks in the Hannaford Breach
By InfoLawGroup LLP on March 21, 2008
Breach, Hannaford
The Hannaford Breach and PCI Compliance
By InfoLawGroup LLP on March 18, 2008
