Banks to Appeal TJX Decision

The financial institutions want to sue the retailer under a class-action designation.

As a retailer defending itself because of the world's worst data breach, TJX has turned over more than 2.5 million pages of documents. That—plus the decision to appeal and some shifting of the blame to MasterCard—were the highlights from a series of federal filings late Dec. 6.

In an anticipated move, lawyers for the banks that are suing TJX formally declared their intent to appeal to a federal appellate panel a Nov. 29 decision by U.S. District Court Judge William Young to deny class certification for their case.

If that decision doesn't change, it likely means the death of the last federal case against TJX for the nation's worst credit-card data breach because of the difficulty in many of the banks in pursuing their own lawsuits.

Still, bank attorneys said Dec. 6 that a handful of the plaintiffs—"five banks and three banker associations"—are still actively involved and said for the first time that "plaintiffs intend to prosecute one or more lawsuits in state court," most likely in Massachusetts.

Although several participants said the judge's decision is likely to survive, that class-action decision could be changed in one of two ways. Young himself said he might change his mind after oral arguments scheduled for Dec. 11. The second way is for the appellate panel to overrule Young.

In other TJX case tidbits from the Dec. 6 federal filings, TJX lawyers said they have already submitted to bank attorneys more than 2.5 million pages of documents, as well as other evidence. That was entered as part of a request for Young to give both sets of attorneys more time to prepare expert reports.

Also, in making an argument to Young that several major financial players—including MasterCard—be forced to submit their own documents, TJX officials said the credit card company was partly responsible for the damage from the data breach.

The plaintiffs include three MasterCard banks: Eagle Bank, Collinsville Savings Society and AmeriFirst Bank. Those banks have argued that TJX helped cause the breach by misleading them on their security preparedness. On Dec. 6, TJX countered, saying the bank's losses were caused "not by any deceptive conduct on the part of TJX, but rather by the failure of MasterCard to implement measures to protect its members against and/or the failure of MasterCard's members to follow MasterCard's recommended practices for protecting themselves against the risk of payment card account data being stolen from a merchant such as TJX."

Specifically, TJX's filing said MasterCard's banks engaged "imprudent actions" such as "issuing alerts on numerous MasterCard accounts that were not placed at any risk by the TJX intrusion."

Retail Center Editor Evan Schuman can be reached at

Check out's Retail Center for the latest news, views and analysis on technology's impact on retail.