Banks impacted in the late-2013 breach of Target have banded together to file a class-action against the retail giant, as well as against Trustwave, a Chicago-based security firm said in the lawsuit to have failed to bring Target’s systems up to industry standards.
“On information and belief, Trustwave scanned Target’s computer systems on [Sept.] 20, 2013 and told Target that there were no vulnerabilities in Target’s computer systems,” according to documents filed on Monday in U.S. District Court in Chicago by Trustmark National Bank and Green Bank, N.A.
The documents, filed on behalf of all similarly situated institutions, continued, “To the contrary, however, and as reported by The New York Times, Target kept credit and debit card data on its servers for six full days before hackers transmitted the data to a separate webserver outside of Target’s network.”
These vulnerabilities, “either undetected or ignored by Trustwave,” enabled the hackers to pilfer 40 million payment cards and encrypted PIN data, among heaps of other personal information, according to the documents, which add that the breach was preventable.
Sourcing the Consumer Bankers Association, the documents state that U.S. member banks have already spent $172 million reissuing stolen cards, and, sourcing global investment banking firm Jefferies, the documents suggest that payment card issuers may in total suffer upwards of a billion dollars in damages as a result of the breach.
When contacted, a Trustwave spokesperson told SCMagazine.com on Wednesday that speaking on pending legal matters and specific customers is against company policy.
A Target spokesperson told SCMagazine.com on Wednesday that the company does not discuss pending litigation.