PORTLAND, Maine (3/27/13)--A U.S. District judge in Portland, Maine, has denied a class-action certification to plaintiffs in the data breach lawsuit against Hannaford Bros., a New England grocery chain.
The case is a consolidation of a number of civil lawsuits filed. Plaintiffs sought compensation for costs they bore in replacing compromised debit and credit cards, reimbursing fraudulent charges on the cards, notifying members or customers whose cards were compromised, closing and setting up new accounts, and footing the bill for credit and ID theft monitoring and insurance services.
Hannaford Bros. suffered the point-of-sale breach from Dec. 7, 2007, through March10, 2008, when an estimated four million card numbers were stolen . The numbers were used at 165 Hannaford markets in the Northeast and 106 Sweetbay supermarkets in Florida (News Now Nov. 30, 2011).
U.S. District Judge D. Brock Hornby's opinion noted that the plaintiffs satisfied all the criteria but one--predominance--to be designated a Rule 23 (b) (3) class. The rule provides for class certification where "questions of law or fact common to class members predominate over any questions affecting only individual members," the ruling said.
Hannaford's argument--that it has a due process right to cross-examine every class member individually about their experience related to damages--"would basically eliminate consumer class actions," said the ruling. On the other hand, Hornby added, plaintiffs could not provide the total lump sum of damages without an expert to review the data. "Without an expert, they cannot prove total damages, and the alternative…is a trial involving individual issues for each class member as to what happened to his/her data and account, what he/she did about it, and why."
The argument noted that the plaintiffs satisfied all the other criteria for the class:
The judge noted that the plaintiffs needed to "show that Hannaford was negligent or breached an implied contract, that Hannaford's conduct caused the data breach, that the data breach affected their debit or credit cards, and that they took reasonable mitigating efforts as a result."