BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.
To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.
To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.
BOSTON—An appeals court's decision to permit negligence and contract putative class action litigation to proceed in a grocery store chain data breach because of the alleged damages incurred could signal a change in courts' approach to this issue, says an expert.
According to the decision by the 1st U.S. Circuit Court of Appeals in Boston in John Anderson et al. vs. Hannaford Bros. Co. et al., the electronic payment processing system of the Scarborough, Maine-based grocery chain was breached on Dec. 7, 2007.
Hannaford first learned of the breach in February 2008. Its first public announcement was in March, saying the breach affected as many as 4.2 million debit and credit card numbers belonging to individuals who had made purchases at more than 270 of its stores.
Twenty-six separate suits were filed against Hannaford arising from the breach and were consolidated into one suit. Plaintiffs said they experienced more than 1,800 unauthorized charges to their accounts and suffered several categories of losses as a result of the breach.
“Plaintiffs' claims for identify theft insurance and replacement card fees involve actual financial losses from credit and debit card misuse,” a three-judge appeals court panel said in its Oct. 20 ruling. “Under Maine contract law, these financial losses are recoverable as mitigation damages as long as they are reasonable,” the court ruled in partly affirming and partly reversing a lower court ruling.
A Hannaford spokesman declined comment.
Discussing the decision, Scott L. Vernick, a partner with law firm Fox Rothschild L.L.P. in Philadelphia, said until the ruling, potential class actions relating to data breaches generally have been dismissed early on, either because the plaintiffs did not have standing to sue or there was no threat of actual injury.
Mr. Vernick, who was not involved with the case, said he believes this may be the first federal appeals court to allow such a case to proceed on the basis of alleged damages sustained.
“The real question,” Mr. Vernick said, is “does this begin to signal a turn, and if it does, why does it and what does it mean?”
NEW YORK—Risk managers must address an array of cyber threats, according to a presentation at the Business Insurance Risk Management Summit in New York.