PORTLAND, Maine (9/23/10)--Victims of the massive data breach that hit Hannaford Bros. supermarkets in 2008 cannot sue for damages if they did not suffer financial losses, physical harm or identity theft, the Maine Supreme Judicial Court ruled Tuesday. In a unanimous decision, the court ruled that time and effort alone do not constitute an "injury" for which damages may be recovered under Maine law (Sun Journal Sept. 22 and Associated Press Sept. 21). Last year U.S. District Court Judge D. Brock Hornby had asked the higher court to decide whether consumers who had been reimbursed for their losses related to stolen credit card numbers have the right to seek damages for the time and effort it took them to straighten our their accounts. The Hannaford breach occurred between Dec. 7, 2007, and March 10, 2008, when cyber criminals hacked into the grocery store chain's system and accessed card numbers used at 165 Hannaford supermarkets in the Northeast and 106 Sweetbay stores in Florida. Of the four million cards compromised, at least 1,800 numbers stolen were used for unauthorized fraud. The breach was discovered Feb. 27, 2008, and made public March 17, 2008 (News Now April 3, 2009). The breach caused many credit unions to reissue credit cards to members whose information was compromised. It also resulted in more than 24 lawsuits filed against Hannaford and its parent compnay, Delhaize America Inc. The cases were consolidated into one central complaint. Attorneys had sought damages for time and money lost as well as damages because Hannaford allegedly knew about the breach three weeks before it was made public. The delay, said attorneys, exposed consumers' accounts to more fraud (News Now Aug. 1, 2008, and April 3, 2009). If there is no appeal, the decision would end the lawsuit against Hannaford.