Retail Chain’s Data Security Breach Did Not Injure Customers

This posting was written by Thomas A. Long, Editor of CCH Privacy Law in Marketing.

Retail grocery chain customers whose financial information was stolen during a breach of the chain's computer system did not sustain actual harm and could not pursue claims for negligence and implied contract under Maine common law, according to Maine’s highest court.

The customers asserted that they were injured by Hannaford's failure to prevent and notify them of the breach.

Dealing with Fraudulent Charges

The expenditure of time and effort to identify and remediate fraudulent charges on their credit and debit card accounts did not constitute a cognizable injury, in the absence of physical harm, economic loss, or identity theft, the court held.

The time and effort expended by the customers represented the ordinary frustrations and inconveniences confronted by everyone in daily life, the court said. The question had been certified to the court by the federal district court in Portland, Maine (CCH Privacy Law in Marketing ¶60,382).


The decision is In re Hannaford Bros. Co. Customer Data Security Breach Litigation, CCH Privacy Law in Marketing ¶60,534.

Further information about CCH Privacy Law in Marketing appears here.