TJX Data Breach Sparks Class Action

The Massachusetts Bankers Association and several other trade groups and financial companies filed a class action saying negligence by TJX Cos. in its handling of card data resulted in a massive security breach.

The suit, filed Wednesday in the U.S. District Court for Massachusetts, seeks to recover the costs associated with the incident. The Framingham retailer said in January that that hackers had been accessing its systems since at least July 2005; it later said as many as 45 million cards may have been exposed.

According to the suit, TJX failed to comply with the card companies' security policies. The retailer "knew or should have known that it was not in compliance and was not safeguarding customer data."

The other plaintiffs are the Connecticut Bankers Association, the Maine Association of Community Banks, Eagle Bank, Saugusbank, and Colinsville Savings Society.

According to the lawsuit, bankers' expectations that retailers like TJX would protect data played an important role in their own risk management policies. "Plaintiff banks would have attempted to take additional steps to protect themselves but for the misrepresentations of TJX."

The banks also took issue with TJX's handling of the breach after it was discovered. The suit says that even though the retailer has said it would strengthen its security, it "has not publicly stated the nature of the insufficiencies that required strengthening."

Before the breach was announced, the Massachusetts Bankers Association helped write a bill that would require retailers in the state to reimburse banks for the costs they incur after a breach at that retailer.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER