PORTLAND, Maine (5/20/09)--A U.S. District Court ruling in Maine to dismiss all but one consumer class action lawsuits against Maine-based grocer Hannaford Bros. over its data breach doesn't address the question of whether the breached merchant is liable to card issuers for the costs of reissuing compromised cards. The Hannaford Bros. data breach compromised four million debit and credit cards and caused many financial institutions, including credit unions, to cancel and reissue the cards. Overall the Maine decision, rendered in a case that consolidated 21 consumer civil claims, is seen as a victory for merchants because it eliminates a large percentage of potential class plaintiffs, said InfoSecCompliance.com (May 19). However, "this case does not settle the question of potential liability to issuing banks for reissuance costs," said David Navetta in the publication's blog. That question "is a matter likely being settled behind the scenes pursuant to dispute resolution provisions in the operating regulations of key card companies Visa and MasterCard," he said. The Hannaford data breaches occurred between Dec. 7, 2007, and March 10, 2008. It was announced March 17, 2008. About 1,800 incidents of fraud were recorded by the time the breach was announced. Credit unions in New England, New York, and Florida were among the financial institutions that re-issued cards for members whose accounts were compromised (News Now May 14 and April 17, 2008).