Lawyers for consumers affected by a huge data breach involving the Hannaford grocery chain have asked a federal judge to reverse himself and to allow a class-action lawsuit against the grocer to proceed. In a twist, the attorneys are asking that any awarded money be given to the banks, who would then—in theory—distribute it to victim consumers.
Attorneys wrote to U.S. District Court Judge D. Brock Hornby that the Hannaford case provides "an opportunity for the use of contemporary technology to ensure a very wide and complete distribution of the proceeds of any judgment or settlement directly to the persons harmed. Based on class certification discovery, it appears that the identity of each Class Member and the amount of his/her mitigating expenditure is recorded in electronic form by each of the card-issuing banks. In the event of a judgment or settlement, the recovery can be paid pro-rata to the banks, which can then electronically pro-rata credit the accounts of the Class Members, subject to a recipient's right to reject the credit and opt out at the time of distribution. This can all be done without disclosure of the actual identity of any bank customer. It is hard to imagine that a card-issuing bank would not cooperate in a process that would provide cash benefits to its customers."
No, it's really not at all hard to imagine the likes of Chase Manhattan and Fifth Third not being at all cooperative with a new and untested method. This is especially true given that the consumer recipients are not likely to be expecting the payments nor would they likely know the exact size of those payments. Therefore, the normal emergency-backup way banks can learn of discrepancies—such as when customers call up screaming that their paycheck is 9 cents lower than it should be—might apply here.
But that all deals with handling the money from a successful class-action lawsuit. The only ruling the court has made on this thus far is to deny that class-action from even being formed.
The argument the consumer's lawyers made is that Hornby had declined the class certification because, in part, the lawyers' points were not supported by expert testimony or expert evidence. The new filing argues that such expert testimony is not needed here.
"Plaintiffs submit that expert testimony is not necessarily needed to make the connection between the breach, its announcement, and the card cancellations and purchases of credit security products. That is a matter of common sense inference," the filing said. "This is not like a medical causation case, where the causative relationship between exposure to a particular substance and subsequent medical harm must be established by expert testimony. The only reason advanced why an unusually large number of compromised cardholders cancelled their cards and bought credit security products right after becoming aware of the Hannaford breach is that they did so for the same reasons the Plaintiffs did, to mitigate the dangers of harm from fraudulent charges. Expert testimony will enable a degree of refinement and precision in the estimates, but is not required to establish the connection."
The lawyers added: "In the absence of any other likely reason for the dramatic increase in insurance purchases and card cancellations, it is reasonable to infer that a large portion of these purchases and cancellations were efforts by the respective cardholders and their financial institutions to do the same thing that the Plaintiffs did, namely mitigate the effects of the breach on them. Hannaford has certainly had the opportunity to demonstrate that there were other explanations for dramatically increased insurance purchases or card cancellations for this particular customer group during these time periods and has failed to do so."
Plaintiffs ask that the judge suspend his order denying the class certification and give them 60 days to prepare new evidence.
- Supermarket News story
Dismissing Hannaford Lawsuits, Federal Judge Tells Consumers: Show Me The (Lost) Money
Federal Appeals Court To Retailers: In A Breach, Pay For The Damn Replacement Card. And Buy Some Insurance, Too
During A Data Breach, Customers Will Stay—Unless You Alienate Them One At A Time