[Dataloss] Consumers of Hannaford Brothers Co. Supermarkets FileClass Action Suit

Adam Shostack adam at homeport.org
Thu Mar 20 17:59:02 UTC 2008 

So I understand and sympathize with what you're saying.  At the same
time, they are legally mandated to disclose, and a large disclosure is
likely to trigger a lawsuit and discovery.  That's the society in
which we live.  It seems that shaping the news might well make more
sense.  I'm influenced here by Barbara Kellerman's "When Should a
Leader Apologize and When Not?," (Harvard Business Review, April
2006.) which is well worth reading.

Adam

On Wed, Mar 19, 2008 at 10:47:11PM +0000, Mike Simon wrote:
| This could not be a better example of why companies hesitate to disclose details. If this lawfirm is on the ball. They will get access to the exchange with Rapid7 which, according to the press release changes, indicates potential additional negligence in that the had a tool that may have prevented this problem and failed to use it properly. Not a helpful disclosure for Hannaford with respect to the class action. 
| 
| Mike
| -----Original Message-----
| From: lyger <lyger at attrition.org>
| 
| Date: Wed, 19 Mar 2008 22:25:16 
| To:dataloss at attrition.org
| Subject: [Dataloss] Consumers of Hannaford Brothers Co. Supermarkets File
|  Class Action Suit
| 
| 
| 
| http://sev.prnewswire.com/supermarkets/20080319/DC1720519032008-1.html
| 
| On March 19, 2008, the law firm of Berger & Montague, PC 
| (http://www.bergermontague.com) filed a class action suit in the U.S. 
| District Court for the District of Maine on behalf of all consumers in the 
| United States whose credit card or debit card data was stolen from the 
| computer network of Hannaford Brothers Co. ("Hannaford") supermarkets.
| 
| The complaint alleges that Hannaford was negligent for failing to maintain 
| adequate computer data security of customer credit and debit card data, 
| which was accessed and stolen by a computer hacker.
| 
| On March 17, 2008, Hannaford announced on its website that there was a 
| "data intrusion into its computer network that resulted in the theft of 
| consumer credit and debit card numbers." The stolen data included "credit 
| and debit card numbers and expiration dates," which were accessed from 
| Hannaford's computer system "during transmission of card authorization." 
| The intrusion affected all Hannaford stores located throughout the North 
| Eastern U.S., as well as Sweetbay stores in Florida.
| 
| Published news reports indicated that 4.2 million unique credit and debit 
| card numbers have been exposed to potential fraud. To date, there have 
| been approximately 1,800 cases of reported credit and debit card fraud 
| stemming from the breach.
| 
| [...]
| _______________________________________________
| Dataloss Mailing List (dataloss at attrition.org)
| http://attrition.org/dataloss
| 
| Tenable Network Security offers data leakage and compliance monitoring
| solutions for large and small networks. Scan your network and monitor your
| traffic to find the data needing protection before it leaks out!
| http://www.tenablesecurity.com/products/compliance.shtml
| _______________________________________________
| Dataloss Mailing List (dataloss at attrition.org)
| http://attrition.org/dataloss
| 
| Tenable Network Security offers data leakage and compliance monitoring
| solutions for large and small networks. Scan your network and monitor your
| traffic to find the data needing protection before it leaks out!
| http://www.tenablesecurity.com/products/compliance.shtml

More information about the Dataloss mailing list