Banks Sue Target and Trustwave: On What Grounds?
Target and Trustwave Holdings, which provides credit card security services, have been sued by two banks for "monumental" losses they say card issuers will face because of the retailer's data breach.
On March 24 a complaint was filed by Trustmark National Bank and Green Bank NA in Chicago federal court accusing Target and Trustwave of failing to properly secure customer data, enabling the theft of 40 million debit and credit card records plus 70 million other records, including addresses and phone numbers. The banks will spend $172 million reissuing credit and debit cards, according to the lawsuit. Banks also need to reimburse affected customers for all fraudulent charges, pushing costs even higher.
The banks said they lost money from alerting customers to the breach, reimbursing fraudulent charges and reissuing cards. These losses could increase if criminals ultimately use several million stolen cards as some analysts project.
The 48-page complaint also alleges Trustwave ultimately failed to ensure Target's POS network and other systems were secure, "On information and believe, Trustwave scanned Target's computer systems on September 20, 2013, and told Target that there were no vulnerabilities in Target's computer systems," the complaint alleges. "Trustwave also provided round-the-clock monitoring services to Target, which monitoring was intended to detect intrusions into Target's systems and compromises of PII or other sensitive data. In fact, however, the data breach continued for nearly three weeks on Trustwave's watch."
While the complaint seeks damages of at least $5 million, Trustmark and Green Bank said losses could top $1 billion for card issuers they hope to represent in a class action, and $18 billion for banks and retailers combined.
The retailer is already facing dozens of lawsuits over the breach. Last Monday's complaints are one of the first to focus on Trustwave, a privately held Chicago-based company to which the banks said Target had outsourced some data security services. During a U.S. Senate committee hearing on protecting consumer data from cyber-attacks, Senate staffers said Target "missed a number of opportunities" to stop the breach.
For related content:
Target CIO Resigns: "It's Time for a Change"
What Did Target Know and When Did It Know It?
Target Invests $100M in Data Security
The Target of a Phishing Scandal
Target HVAC Systems Linked to Security Faux Pas
On March 24 a complaint was filed by Trustmark National Bank and Green Bank NA in Chicago federal court accusing Target and Trustwave of failing to properly secure customer data, enabling the theft of 40 million debit and credit card records plus 70 million other records, including addresses and phone numbers. The banks will spend $172 million reissuing credit and debit cards, according to the lawsuit. Banks also need to reimburse affected customers for all fraudulent charges, pushing costs even higher.
The banks said they lost money from alerting customers to the breach, reimbursing fraudulent charges and reissuing cards. These losses could increase if criminals ultimately use several million stolen cards as some analysts project.
The 48-page complaint also alleges Trustwave ultimately failed to ensure Target's POS network and other systems were secure, "On information and believe, Trustwave scanned Target's computer systems on September 20, 2013, and told Target that there were no vulnerabilities in Target's computer systems," the complaint alleges. "Trustwave also provided round-the-clock monitoring services to Target, which monitoring was intended to detect intrusions into Target's systems and compromises of PII or other sensitive data. In fact, however, the data breach continued for nearly three weeks on Trustwave's watch."
While the complaint seeks damages of at least $5 million, Trustmark and Green Bank said losses could top $1 billion for card issuers they hope to represent in a class action, and $18 billion for banks and retailers combined.
The retailer is already facing dozens of lawsuits over the breach. Last Monday's complaints are one of the first to focus on Trustwave, a privately held Chicago-based company to which the banks said Target had outsourced some data security services. During a U.S. Senate committee hearing on protecting consumer data from cyber-attacks, Senate staffers said Target "missed a number of opportunities" to stop the breach.
For related content:
Target CIO Resigns: "It's Time for a Change"
What Did Target Know and When Did It Know It?
Target Invests $100M in Data Security
The Target of a Phishing Scandal
Target HVAC Systems Linked to Security Faux Pas