UNITED STATES DISTRICT COURT
DISTRICT OF MAINE
IN RE HANNAFORD BROS. CO. ]
CUSTOMER DATA SECURITY ] MDL DOCKET NO. 2:08-MD-1954
BREACH LITIGATION ]
DECISION AND ORDER ON DEFENDANT
HANNAFORD BROS. CO.’S MOTION TO DISMISS
A customer uses a credit card or debit card to buy groceries. A third party steals the electronic payment data from the grocer. Can the customer then recover from the grocer any loss resulting from the third-party data theft? That is the question this case poses.
The consumer plaintiffs see electronic payment systems as a technological development that, in addition to convenience, has created great risk of fraud to consumers, “increas[ing] exponentially the risk that consumers will be victimized by fraudulent misuse of their account access information.” According to them, “the financial chaos and disruption of personal affairs that will churn in the wake of a massive theft of confidential credit and debit card access information is readily foreseeable, indeed, almost inevitable.” The plaintiffs say that “[t]he law must step in to protect persons impacted by the actions of others over whom they have no effective control. This is certainly the case with credit card customers versus merchants and financial institutions.”1
1 Pls.’ Opp’n to Def.’s Mot. to Dismiss with Incorporated Mem. at 3, 42, 44 (Docket Item 63).
The defendant grocer, Hannaford Bros. Co. (“Hannaford”), on the other hand, sees a well-functioning financial payment system that depends upon complex contractual relationships among the participants. These participants are consumers, merchants, organizations that create the card brands, banks that issue the cards to the consumers, and banks that accept the card transactions presented to them by the merchants.2 Hannaford points to consumer protections that law and contract already provide,3 and lists “numerous reasons why the institutional competencies of the judiciary are not well-suited to …