On March 18, two federal class action lawsuits were filed against Delhaize, the parent company of Hannaford and Sweetwater supermarkets. These filings were made only one day after the two retail grocery chains announced that hackers had accessed 4.2 million customer credit card numbers.
Plaintiffs filed suit in Florida, where Sweetwater operates, and in Maine, where Hannaford operates. See Dobryniewski v. Delhaize America, Inc. et al, No. 2:2008cv00235 (M.D. Fla. filed Mar. 18, 2008); Ryan v. Delhaize America, Inc. et al., No. 1:08-cv-00086 (D. Maine filed Mar. 18, 2008). According to their press release, the attorneys who filed the Maine suit also represented plaintiffs in the recent TJX settlement. Their complaint is available here as a .pdf.
Additional suits were filed on March 19 in Virginia, see Ferguson v. Delhaize, No. 3:2008cv00177 (E.D. Va. filed Mar. 19, 2008), on March 20 in Concord, New Hampshire, see Nenni v. Hannaford Bros., No. 1:2008cv00106 (D.N.H. filed Mar. 20, 2008), and on March 21 in Tampa, see Grimsdale v. Delhaize, No. 8:2008cv00538 (M.D. Fla. Mar. 21, 2008).
The lawsuits allege, inter alia, that the retailers negligently handled customers' private data, were negligent in failing to alert customers of the security breach in a timely manner, violated state unfair trade practices statutes, breached implied contracts to protect customers' information, and breached fiduciary duties customers.
Useful Link: FTC Guide - Protecting Personal Information, A Guide for Business (.pdf)
Related Post: Supermarkets Hit by Data Security Breach