Banks claim security firm failed to identify weaknesses at the retailer
Two US banks have filed a lawsuit against security firm Trustwave, accusing it of failing to identify vulnerabilities at Target, the US retailer hacked in late 2013.
New York’s Trustmark National Bank and Houston-based Green Bank filed earlier this week in Chicago, naming Target and Trustwave as defendants, according to American Banker.
The suit is one of more than 100 related to the Target breach, which saw data of more than 40 million credit cards compromised. In December, a handful of customers came together seeking a class-action suit, as the banks are.
The banks, who are after $5 million (£3 million) in damages, believe Target was not in compliance with PCI standards, which govern payment card security, as the hack went unnoticed for 18 days.
They claimed, based on “information and belief”, Trustwave told Target in September its systems contained no vulnerabilities. The suit alleged the weaknesses were “either undetected or ignored by Trustwave”.
According to the banks, they could spend $172 million reissuing credit and debit cards, whilst total losses may reach $18 billion.
It’s believed Target was breached after hackers broke into the systems of a ventilation partner. By taking that route, the attackers were able to get malware onto Target point of sale machines, which pilfered reams of credit card data.
Trustwave had not responded to a request for comment at the time of publication.
Are you a security pro? Try our quiz!