Home | News Alerts | Court Asked to Consider Retail Liability

Court Asked to Consider Retail Liability

Should consumers be compensated for breach costs?

October 15, 2009

In a case that could influence how other data breach-related claims are handled, Maine’s Supreme Court will consider whether consumers are entitled to reimbursement for costs related to dealing the with the aftermath of a data breach, Wired reports.

A federal judge’s decision to request the Supreme Court’s consideration of the case reverses a previous dismissal of a class-action suit filed against supermarket chain Hannaford Bros.

In May, U.S. District Court Judge D. Brock Hornby, ruled breach victims were not entitled to restitution. The 2007-08 breach exposed 4.2 million credit and debit card numbers to hackers. Some 1,800 account numbers are known to have been used fraudulently, Wired reported.

Hornby previously dismissed all but one complaint against Hannaford, ruling that no contract existed between the plaintiffs and Hannaford, and that the hassle of dealing with a breach didn’t constitute an actual monetary loss. The only suit not thrown out involved a Vermont woman claiming her bank did not reimburse her losses.

On Oct. 12, Hornby granted the plaintiff’s motion that the Supreme Court be asked to weigh in on whether time loss and anxiety resulting from the breach “constitute a cognizable injury under Maine common law,” according to Storefront Backtalk. “Whether time and effort spent mitigating or averting harm from actionable conduct...is alone sufficient to recover damages is uncertain under Maine law,” Hornby wrote in a 16-page ruling, cited by ComputerWorld.

Broader implications

Most courts have tended to dismiss consumer class-action lawsuits following breaches compromising consumer data, The Industry Standard reported. Though card-issuing banks typically cover actual monetary losses, the idea that retailers might have to compensate consumers is typically rejected.

A ruling in this case, however, could have broad implications. “What happens when a retailer suffers a data breach? Even if no cards are misused, you have a lot of consumers who may suffer a little bit of economic harm but a substantial amount of inconvenience,” Mark Rasch, a lawyer who is the former head of the U.S. Justice Department’s High-Tech Crimes Unit and today serves as principal of Secure IT Experts, told Storefront Backtalk. “What the court has done here is kept open the possibility you may have to compensate them for their inconvenience.”