Banks denied class status against TJX
Judge's ruling is a win for retailer
In a legal victory for TJX Cos., a federal District Court judge in Boston yesterday told banks suing the Framingham retailer for damages following its massive data breach that they cannot pursue their claims as a class.
Technically, Judge William G. Young's decision to deny class certification does not end the claims against TJX by banks that want the parent of stores including TJ Maxx and Marshalls to pay for the costs of reissuing credit and debit cards following a computer system breach by unknown hackers through last year. By the latest counts, nearly 100 million cards were compromised, the largest breach on record and one that has drawn much attention amid a growing threat from hackers.
But the decision will make it harder for plaintiffs to proceed, since they will now have to pursue claims individually and many may decide it isn't worth the expense, said lawyer Stefan L. Jouret, a litigator at Donovan Hatem LLP in Boston. "I think it's a very severe blow to the plaintiffs' case," he said.
TJX had already won a decision in October dismissing negligence and contract claims and still faces claims it negligently misrepresented its security situation. But there are more legal battles ahead for TJX and the banks that are suing the retailer for unspecified damages, including statewide banking trade groups in Massachusetts, Maine, and Connecticut, plus small institutions including Saugusbank and Collinsville Savings Society in Connecticut.
Bruce Spitzer, spokesman for the Massachusetts Bankers Association, one of the plaintiffs in the case, said it is studying the decision. "This is only one step in a long complicated case, and we are looking forward to the next hearing date," he said. "Nothing in today's decision discusses or vindicates the wrongful conduct of TJX."
A TJX spokeswoman said the company wouldn't comment on the ongoing litigation.
In his order, posted yesterday on the court's website, Young wrote that he "has serious doubts" about the proposed class of plaintiffs that would include many more banks, partly since it won't be obvious that a bank's injuries were due to the data breach as opposed to a fraud that would require more individual reviews.
Also, he wrote the proposed class would include large banks that both issue and process credit cards, like TJX's processor Fifth Third Bancorp of Ohio. These "mixed" banks could be harmed by a decision that processors could be held liable in the case of a breach and thus would have different interests than banks that only issue cards to customers, he wrote.
Young invited the plaintiffs to press their claims in Massachusetts Superior Court's business law division. However, he noted his decision on class status could change pending a decision on a separate motion on why the banks are entitled to recover funds, scheduled for a Dec. 11 hearing.
Ross Kerber can be reached at kerber@globe.com. 