Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Responding to Lawsuit, Trustwave Says Did Not Monitor Target’s Network

After recently being named as a defendant in a lawsuit related to the massive data breach that hit Target Corp. late last year, Trustwave’s top executive has said the claims against the firm are without merit and that the company would vigorously defend itself against what he calls “baseless allegations”.

After recently being named as a defendant in a lawsuit related to the massive data breach that hit Target Corp. late last year, Trustwave’s top executive has said the claims against the firm are without merit and that the company would vigorously defend itself against what he calls “baseless allegations”.

The complaint, filed March 24 on behalf of a number of financial institutions, names both Target and Trustwave and accuses the security company of failing to protect Target’s systems.

In the compliant, the banks state Trustwave was hired by Target to protect and monitor the retailer’s systems, and that the security vendor scanned Target’s systems on Sept. 20, 2013, and found no vulnerabilities were present. Because of vulnerabilities in Target’s network however, millions of payment card records were stolen, according to the complaint, which asks for unspecified damages.

“Contrary to the misstated allegations in the plaintiffs complaints, Target did not outsource its data security or IT obligations to Trustwave,” Trustwave’s CEO, Robert McCullen, wrote in a letter to customers posted to the company’s website March 29.

“Trustwave failed to live up to its promises, or to meet industry standards,” the complaint said. “Trustwave’s failings, in turn, allowed hackers to cause the Data Breach and to steal Target customers’ PII and sensitive payment card information. In addition, Trustwave failed to timely discover and report the Data Breach to Target or the public.

McCullen argues that this is not the case and that it was not responsible for protecting Target’s data.

“Trustwave did not monitor Target’s network, nor did Trustwave process cardholder data for Target,” McCullen added.

While McCullen denied the allegations, he did not mention any relationship with Target or any services that were provided to the retail giant. A Trustwave spokesperson previously told SecurityWeek that the company does not comment on pending litigation or confirm the identities of customers.

And if Trustwave did provide compliance services to Target, we all know that compliance does not equal security. 

Related: Why Security Can’t Live Without Compliance

RelatedThe New Compliance Checklist

RelatedPCI DSS 3.0: The Impact on Your Security Operations

RelatedNew Changes to PCI Data Security Standard 3.0 Published

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.