Make us your home page

Court revives Tampa class-action suit on Sweetbay data breach

A federal appeals court has revived a Tampa class-action suit seeking money for Florida shoppers whose credit and debit card numbers were swiped in a data breach that hit 109 Sweetbay Supermarkets.

Initially filed in Hillsborough Circuit Court, the case was among 24 bundled into one federal class-action case being heard in Portland, Maine, against Hannaford Bros., Tampa-based Sweetbay's corporate sibling in New England. Both are owned by the Belgian Delhaize Group.

A three-judge panel this week, however, peeled off one case and sent it back to be heard on its own in a state court in Tampa. The panel ruled Florida residents would have more options in the case since it was filed against a Florida company in the home state of all parties.

Plaintiffs' attorneys in the Maine case had agreed to limit much of the case to Hannaford, which runs Sweetbay's data center and oversees Sweetbay's management for Delhaize, as a corporate entity. But attorney David Metcalf of Tallahassee objected.

"They've treated Sweetbay like some poor cousin of Hannaford," Metcalf said. "That action alone delayed our case by a year already."

About 1.6 million of the 4.2 million card numbers in several states swiped by hackers were from Sweetbay stores spread from Naples north though the Tampa Bay area to Gainesville. Unlike the Tampa case, suits left intact in the federal multistate suit seek damages for all Sweetbay customers whose numbers were compromised, not just Florida residents.

Hackers were able to intercept wireless transmissions of card numbers from Sweetbay checkout counters between Dec. 7, 2007, and March 8, 2008. Card issuers and banks ate most bogus charges that thieves ran up on counterfeit cards as far away as Brazil. But cards were still showing up in retail theft months later. One ring of five was arrested in June 2008 using bogus counterfeit cards imprinted with Sweetbay numbers at a Gibsonton Wal-Mart while buying thousands of gallons of diesel they intended to resell. One had 47 different cards.

The class-action suit was filed in the name of Thomas Grimsdale, a 60-year-old Tampa gas pump maintenance company executive, whose bank alerted him that his card number was among those swiped.

He got a replacement card, but some card issuers refused to tell victims which store compromised their accounts.

The suit seeks free credit monitoring, credit repair if necessary and undetermined money damages to be split up among victims of the breach, including those unaware they were victims.

Mark Albright can be reached at or (727) 893-8252.

Think you're a victim? Here's what to do

• Comb bank and card statements carefully for unauthorized charges. Dispute them immediately.

• Don't expect a retailer to notify you of a data breach on a card that's not their own. It is likely they do not have your name, address or phone number.

• Be vigilant about keeping credit card and personal identification numbers hidden, such as while waiting at the checkout or making an ATM withdrawal.

• If you suspect foul play, call your card issuer immediately. If your monthly bill doesn't appear on time, it could be a sign of identity theft. That's when someone tries to cobble several pieces of your personal information into duplicate credit cards without your knowledge.

• Read the fine print on all payment cards so you know what you are liable for. Most cards have zero liability in case of fraud. But a debit card and PIN can be used to drain your checking account before the bank agrees it was fraud.

Court revives Tampa class-action suit on Sweetbay data breach 05/08/09 [Last modified: Friday, May 8, 2009 10:43pm]
Photo reprints | Article reprints

© 2017 Tampa Bay Times


Join the discussion: Click to view comments, add yours