A class action lawsuit has been filed against the supermarket chain alleging negligence in losing customer credit card and debit card data from their computer network. The lawsuit was filed in the US District Court for the District of Maine on behalf of all consumers in the United States whose data was stolen from the computer network of Hannaford Brothers Co. The class action claims Hannaford failed to maintain adequate computer data security of customer credit and debit card data, which was accessed and stolen by a computer hacker.
On March 17, 2008, Hannaford announced the data intrusion that resulted in the theft of consumer credit and debit card numbers and included expiration dates which were accessed from Hannaford's computer system during transmission of card authorization. Reports indicate that 4.2 million unique credit and debit card numbers have been exposed to potential fraud and so far, there have been approximately 1,800 cases of credit and debit card fraud stemming from the breach. The breach reportedly began on December 7, 2007 and wasn't contained until March 10, 2008. Hannaford stated that it became aware of the breach on February 27, 2008, but did not publicly announce it until almost three weeks later, on March 17, 2008.