Business & Finance
01:12 PM

Banks Hit T.J. Maxx Owner With Class-Action Lawsuit

The Massachusetts Bankers Association is being joined by at least two other groups in a lawsuit that is seeking "tens of millions of dollars."

The security breach that hit TJX Companies Inc. is still causing trouble for the U.S. retailer.

Less than a month after TJX disclosed in a Securities and Exchange Commission filing that more than 45 million credit and debit card numbers may have been stolen from its IT systems over an 18-month period, the company is being hit with a class-action law suit seeking "tens of millions of dollars." The Massachusetts Bankers Association, which represents 207 financial institutions, announced that it is filing the suit in federal court in Boston.

The MBA also said in a release that the Connecticut Bankers Association, the Maine Association of Community Banks, and individual banks are joining as co-plaintiffs. Together, the three associations represent nearly 300 banks. Other banks can still join the suit.

TJX is the parent company of T.J. Maxx, Marshall's, HomeGoods, and other retailers. The security breach, which was announced in January, is the largest customer data breach on record.

A statement from the MBA noted that as a result of the TJX breach, there have been "dramatic costs" to financial institutions in their effort to protect cardholders.

"The MBA made a decision to file a class action suit because we believe we are in the best position to achieve success for our members and customers," said Daniel J. Forte, president and CEO of the MBA, in a written release. "With the possible exception of the banks from California that could also decide to join us, our New England institutions have had the most exposure to this massive data breach. We believe TJX has more stores in our region than anywhere else other than California and, of course, it is headquartered here in Massachusetts."

According to the MBA, banks throughout New England continue to receive lists of "hot" cards that have been exposed in the TJX data breach -- more than three months after TJX first disclosed that there had been a problem.

"Protecting consumers is our number one priority," said Lindsey Pinkham, senior VP of the Connecticut Bankers Association, in a written statement. "However, retail data breaches are getting larger and more frequent and we cannot continue to absorb the costs."

TJX discovered the break-in on Dec. 18, and it most likely dates back to July 2005. Thieves working online may have stolen card data from TJX's Framingham, Mass., computer system during the approval process, in which payment data is transmitted to card issuers without being encrypted.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest August 03, 2015
The networking industry agrees that software-defined networking is the way of the future. So where are all the deployments? We take a look at where SDN is being deployed and what's getting in the way of deployments.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of July 26, 2015.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.