Banks file class-action against Target and Trustwave over massive breach

Share this article:
Target
Banks impacted by the Target breach are suing the company as well as security firm Trustwave.

Banks impacted in the late-2013 breach of Target have banded together to file a class-action against the retail giant, as well as against Trustwave, a Chicago-based security firm said in the lawsuit to have failed to bring Target's systems up to industry standards.

“On information and belief, Trustwave scanned Target's computer systems on [Sept.] 20, 2013 and told Target that there were no vulnerabilities in Target's computer systems,” according to documents filed on Monday in U.S. District Court in Chicago by Trustmark National Bank and Green Bank, N.A.

The documents, filed on behalf of all similarly situated institutions, continued, “To the contrary, however, and as reported by The New York Times, Target kept credit and debit card data on its servers for six full days before hackers transmitted the data to a separate webserver outside of Target's network.”

These vulnerabilities, “either undetected or ignored by Trustwave,” enabled the hackers to pilfer 40 million payment cards and encrypted PIN data, among heaps of other personal information, according to the documents, which add that the breach was preventable.

Sourcing the Consumer Bankers Association, the documents state that U.S. member banks have already spent $172 million reissuing stolen cards, and, sourcing global investment banking firm Jefferies, the documents suggest that payment card issuers may in total suffer upwards of a billion dollars in damages as a result of the breach.

When contacted, a Trustwave spokesperson told SCMagazine.com on Wednesday that speaking on pending legal matters and specific customers is against company policy.

A Target spokesperson told SCMagazine.com on Wednesday that the company does not discuss pending litigation.

Share this article:

Sign up to our newsletters

More in News

New backdoor 'Baccamun' spreads through ActiveX exploit

Symantec researchers revealed that the backdoor is dropped after attackers exploit a Windows ActiveX vulnerability.

Outdated browsers put U.K. users at risk of malware

A blog post on Check and Secure website said 70 percent of U.K. users haven't fully updated their internet browsers

Survey: 53 percent change privileged logins quarterly

A Lieberman Software survey highlights the issue or poor password management, even among security pros.