retail news in context, analysis with attitude

The Boston Globe reports that US District Judge D. Brock Hornby has ruled that “only those customers who weren't reimbursed for fraudulent charges may sue the Hannaford Bros. supermarket chain over a data breach that exposed 4.2 million credit and debit card numbers to computer hackers.”

The breach took place in late 2007 and early 2008, and reportedly some 1,800 credit card numbers were stolen and used for unauthorized purchases.

The ruling is a win for Hannaford, which argued that customers reimbursed for any fraudulent charges really had nothing to sue over; the judge tossed out every complaint against Hannaford except one, from a Vermont woman who has not yet been reimbursed.

However, despite the win, Hannaford continues to be criticized for its handling of the case, with some saying the company waited a month after discovering the breach before it disclosed the problem to the public. Hannaford’s procedures, however, were in compliance with standard operating practices in such cases.

KC's View:
In may be that “standard operating practices” simply aren’t good enough in this age of transparency…and that may be the big lesson learned by Hannaford and every other company in this case. I can understand not wanting to go public while investigating the breach, since that might have hindered the ability to catch the perpetrators; however, that may not be a good enough explanation for customers.

The two most important words in dealing with almost any crisis are these: