PCI security vendor Trustwave named in Target breach suit
26 March 2014 | 6158 views | 0
PCI security vendor Trustwave has been accused of failing to detect vulnerabilities in Target's handling of credit card data ahead of last year's data breach, according to a law suit filed by Trustmark National Bank of New York and Green Bank of Houston.
The suit, filed in Chicago's US District Court, is the latest in an avalanche of claims being filed against the retailer over the holiday season data breach that saw the personal information of more than 100,000 customers hacked and hawked on undergound cyber-crime sites.
Trutswave, which promises 'smart security on demand' and claims to be a 'global leader in PCI DSS compliance' is alleged to have given Target a clean bill of health in September, two months ahead of the attack.
The suit alleges that Trustwave failed to detect clear vulnerabilities in the way Target handled credit card data at the point-of-sale, pointing to a New York Times report claiming that the giant retailer stored customer card details on its servers for six full days before hackers broke in and moved the data along.
The suit, which is understood to be seeking class action status and claiming up to $5 million in damages, claims that the ultimate cost to the banking industry of the breach could reach $18 billion in total.