After recently being named as a defendant in a lawsuit related to the massive data breach that hit Target Corp. late last year, Trustwave’s top executive has said the claims against the firm are without merit and that the company would vigorously defend itself against what he calls “baseless allegations”.
The complaint, filed March 24 on behalf of a number of financial institutions, names both Target and Trustwave and accuses the security company of failing to protect Target’s systems.
In the compliant, the banks state Trustwave was hired by Target to protect and monitor the retailer’s systems, and that the security vendor scanned Target’s systems on Sept. 20, 2013, and found no vulnerabilities were present. Because of vulnerabilities in Target’s network however, millions of payment card records were stolen, according to the complaint, which asks for unspecified damages.
“Contrary to the misstated allegations in the plaintiffs complaints, Target did not outsource its data security or IT obligations to Trustwave,” Trustwave’s CEO, Robert McCullen, wrote in a letter to customers posted to the company’s website March 29.
“Trustwave failed to live up to its promises, or to meet industry standards,” the complaint said. “Trustwave’s failings, in turn, allowed hackers to cause the Data Breach and to steal Target customers’ PII and sensitive payment card information. In addition, Trustwave failed to timely discover and report the Data Breach to Target or the public.
McCullen argues that this is not the case and that it was not responsible for protecting Target’s data.
“Trustwave did not monitor Target’s network, nor did Trustwave process cardholder data for Target,” McCullen added.
While McCullen denied the allegations, he did not mention any relationship with Target or any services that were provided to the retail giant. A Trustwave spokesperson previously told SecurityWeek that the company does not comment on pending litigation or confirm the identities of customers.
And if Trustwave did provide compliance services to Target, we all know that compliance does not equal security.
Related: Why Security Can’t Live Without Compliance
Related: The New Compliance Checklist
Related: PCI DSS 3.0: The Impact on Your Security Operations
Related: New Changes to PCI Data Security Standard 3.0 Published
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- ‘No Evidence’ of Cyberattack Related to FAA Outage, White House Says
- SecurityWeek to Host 2022 ICS Cybersecurity Conference October 24-27 in Atlanta
- Google Completes $5.4 Billion Acquisition of Mandiant
- Cybersecurity Firm ZeroFox Begins Trading on Nasdaq via SPAC Deal
- HUMAN Security and PerimeterX Merge on Mission to Combat Bots
- Last Call: CFP for ICS Cybersecurity Conference Closes July 15th
- Johnson Controls Acquires Tempered Networks to Shield Buildings From Cyberattacks
- Snowflake Launches Cybersecurity Workload to Find Threats Across Massive Data Sets
Latest News
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Cyber Insights 2023 | Zero Trust and Identity and Access Management
- Cyber Insights 2023 | The Coming of Web3
- European Police Arrest 42 After Cracking Covert App
- Florida Hospital Cancels Procedures, Diverts Patients Following Cyberattack
- VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability
- Fraudulent “CryptoRom” Apps Slip Through Apple and Google App Store Review Process
