Hannaford breach update: Class action lawsuits filed on behalf of victims

Two class-action lawsuits have been filed on behalf of customers of the Maine-based Hannaford Bros. supermarket chain, which on Monday acknowledged a data breach that exposed card numbers involved in 4.2 million credit and debit transactions, leading to about 2,000 cases of reported fraud.

Security breaches occurred from Dec. 7 to March 10 and involved 165 Hannaford stores in the Northeast, 106 Sweetbay stores in Florida and some independent stores in the Northeast that sell Hannaford products. The Hannaford breach is nowhere near as large as the TJX breaches that began in 2005 and involved at least 45.7 million credit and debit cards. But it has placed a renewed public emphasis on the retail industry's failure to protect all customer data. Hannaford officials say the data was "illegally accessed from our computer systems during transmission of card authorization."

Here's a look at a few developments that happened in the days after the breach was revealed:

• The law firm Berger & Montague of Philadelphia filed a class action suit in U.S. District Court in Maine on behalf of all consumers whose card data was stolen. The suit says Hannaford was "negligent for failing to maintain adequate computer data security of customer credit and debit card data, which was accessed and stolen by a computer hacker," according to a press release.

• Another lawsuit was filed by Bangor, Maine, attorney Samuel Lanham Jr., whose suit claims "the matter in controversy exceeds $5 million," according to the Bangor Daily News. Lanham's suit asks U.S. District Court to find Hannaford negligent and order the company to pay for credit monitoring needed by the data breach's victims.

• Computerworld blogger Robert Mitchell reported that one bank's analysis of 5,500 compromised Visa cards indicates that most affected card numbers were used in debit transactions involving PIN numbers.

"That's not great news for consumers, since with credit cards the user is only responsible for the first $50 in fraudulent transactions," Mitchell writes. "With debit cards, there is no such guarantee. Also, the money comes right out of your checking account, which means a large fraudulent withdrawal could make a hell of a mess of all the checks and electronic payments you have in process."

• Massachusetts Attorney General Martha Coakley issued an advisory to consumers who have shopped at Hannaford stores, with several pieces of advice. Hannaford shoppers may want to contact one of the three major credit bureaus (Equifax, Experian or TransUnion) and place a one-call fraud alert on their credit reports, Coakley states.

Consumers who find unexplained or unauthorized activity on their credit reports or bank accounts may consider several possible steps, including placing a security freeze on their credit reports and contacting the fraud departments of their credit card issuers and banks, Coakley states.

According to Hannaford, stolen data included credit and debit card numbers and expiration dates, but did not include customer names and addresses.