Store Not Liable For Lost Time Claims

Customers whose financial information was stolen through the breach of a grocery chain s computer system could not sue for time and effort spent in curing the risk of identity theft, Maine s highest court has ruled in answering a certified question.

Customers in six states sued in U.S. District Court. They said the defendant was liable for negligence after hackers stole 4.2 million credit and debit card numbers from the store s computer system.

The district court refused to dismiss all of the claims, concluding that the ability of individual s to recover damages depended on the scope of recovery allowed by Maine law. The district court certified to the Maine Supreme Court the question of whether plaintiffs without physical harm or economic loss or identity theft could be sue for the time and effort spent in avoiding foreseeable consequences of the data breach.

The Maine high court said no.

It explained that Maine case law does not recognize the expenditure of time and effort alone as harm. The plaintiffs argued that because their time and effort represented reasonable efforts to avoid reasonably foreseeable harm, it is compensable. The court refused to attach such significance to mitigation efforts. Unless the loss of time reflects a corresponding loss of earnings or earning opportunities, it is not a cognizable injury under Maine law of negligence.