BROCKTON, Mass. — In what might seem a quixotic gesture of optimism, the $1.4 billion HarborOne Credit Union has not turned first to lawyers or to litigation to recover money it said it lost in a recent card security breach. It has sent the retailer that caused the breach a bill–for $590,000.
The credit union said the losses stem from the card data breach suffered by TJX, the parent company of several well-known retail brands, including TJ Maxx. The losses included in the April 30 invoice cover $90,000 the credit union said it spent to close and replace 9,000 debit card accounts and $500,000 of what it said the breach cost it in reputation cost for the debit cards.
So far, TJX has not said anything about the bill and has not contacted the credit union in any way, a development that HarborOne CEO James Blake said did not particularly surprise him.
Recommended For You
"There are a number of different industry class action lawsuits out there at the moment," Blake said. "We haven't made a decision about them yet. We wanted to let TJ Maxx stand up an be accountable for their actions even though it does not look like they will."
He said the CU wanted to give the company the chance to do the right thing before
turning to litigation.
Blake explained the CU arrived at the $500,000 figure by calculating how much marketing costs it would take to get a member to open a new debit card account.
"Every one of these incidents costs us in the eyes of our members," Blake said.
The credit union had not suffered any direct costs from having to close and reissue credit cards because it sold its credit card account in 2001 to FIA Card Services, the card portfolio purchasing and management arm of Bank of America that used to be known as MBNA.
Even as more credit unions have begun taking a more wait and see attitude toward whether or not to close card accounts which have may have been compromised in a breach, Blake said HarborOne believed it had no real choice but to close and reissue the cards.
"The data was live out there," Blake said, "and if we didn't close the card accounts it might have shown up not in card fraud but in the form of some other fraud such as mortgage fraud or other kind of fraud and then we have to answer the member who wants to know why we didn't close the account when we could have and better protected them."
Blake acknowledged that the close and reissue policy made HarborOne look comparatively worse than larger financial institutions which have not been closing and reissuing as many accounts. "They might close a few hundred or so but we are telling thousands of our members that we are closing and reissuing, it makes us look worse than we really are," Blake complained.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
