A federal appeals court has revived a Tampa class-action suit seeking money for Florida shoppers whose credit and debit card numbers were swiped in a data breach that hit 109 Sweetbay Supermarkets.
Initially filed in Hillsborough Circuit Court, the case was among 24 bundled into one federal class-action case being heard in Portland, Maine, against Hannaford Bros., Tampa-based Sweetbay's corporate sibling in New England. Both are owned by the Belgian Delhaize Group.
A three-judge panel this week, however, peeled off one case and sent it back to be heard on its own in a state court in Tampa. The panel ruled Florida residents would have more options in the case since it was filed against a Florida company in the home state of all parties.
Plaintiffs' attorneys in the Maine case had agreed to limit much of the case to Hannaford, which runs Sweetbay's data center and oversees Sweetbay's management for Delhaize, as a corporate entity. But attorney David Metcalf of Tallahassee objected.
"They've treated Sweetbay like some poor cousin of Hannaford," Metcalf said. "That action alone delayed our case by a year already."
About 1.6 million of the 4.2 million card numbers in several states swiped by hackers were from Sweetbay stores spread from Naples north though the Tampa Bay area to Gainesville. Unlike the Tampa case, suits left intact in the federal multistate suit seek damages for all Sweetbay customers whose numbers were compromised, not just Florida residents.
Hackers were able to intercept wireless transmissions of card numbers from Sweetbay checkout counters between Dec. 7, 2007, and March 8, 2008. Card issuers and banks ate most bogus charges that thieves ran up on counterfeit cards as far away as Brazil. But cards were still showing up in retail theft months later. One ring of five was arrested in June 2008 using bogus counterfeit cards imprinted with Sweetbay numbers at a Gibsonton Wal-Mart while buying thousands of gallons of diesel they intended to resell. One had 47 different cards.
The class-action suit was filed in the name of Thomas Grimsdale, a 60-year-old Tampa gas pump maintenance company executive, whose bank alerted him that his card number was among those swiped.
He got a replacement card, but some card issuers refused to tell victims which store compromised their accounts.
The suit seeks free credit monitoring, credit repair if necessary and undetermined money damages to be split up among victims of the breach, including those unaware they were victims.
Mark Albright can be reached at [email protected] or (727) 893-8252.