Target and Security Firm Face Another Security Breach Lawsuit
Target (NYSE:TGT) is getting sued again. And this time so is Trustwave Holdings Inc., the retailer’s provider of credit card security services. Reuters reported Wednesday that Target and Trustwave have been sued by two banks on account of ”monumental” losses the banks say card issuers will incur because of the retailer’s large-scale data breach. The two banks that filed the lawsuit Monday in Chicago federal court are Trustmark National Bank and Green Bank N.A. They charge that Target failed to properly secure its customer data and to heed warnings about its security gaps, and that’s why more than 40 million payment card records were compromised, along 70 million other records, in its devastating security breach.
This certainly isn’t the first lawsuit Target has faced for its holiday season security breach that stretched from November 28 to December 15, but Reuters highlighted that it’s the first that also draws in Trustwave, Target’s credit card security client. Target had outsourced some of its data security services to the Chicago-based company, and Trustmark National Bank and Green Bank NA are now alleging that the privately held group failed to bring Target’s computer systems up to industry standards and found “no vulnerabilities” as late as September 20. The banks say this is unacceptable for a company that boasts an expertise in payment card industry compliance.
So now both Target and Trustwave will go to court where the banks will ask for reimbursement for the money they lost from informing customers about the breach, refunding fraudulent charges, and reissuing cards. According to Reuters, the complaint seeks unspecified damages of at least $5 million, a fraction of the cost ($18 billion) that banks and retailers are expected to ultimately incur from the data breach.
Since Target’s data breach, the question at hand has been whether the Minneapolis-based retailer could have prevented the security theft from happening, and if it failed to heed warnings that its security network had vulnerabilities. Target executives traveled to Washington earlier this winter to address those concerns with the Senate Judiciary Committee, and since then, many reports have come out illuminating the warnings that Target received prior to its security breach that its security network needed an update.
The lawsuit that the two banks filed in a Chicago court Monday also addressed that problem, and according to Reuters, Trustmark and Green Bank maintain that Target knew as early as 2007 that its systems were vulnerable but failed to make improvements in order to keep costs down. The day following the filing of the lawsuit, Senate staffers said in a Tuesday report, issued ahead of a U.S. Senate committee hearing on protecting consumer data from cyber attacks, that Target “missed a number of opportunities” to stop the breach.
Reuters reported that Trustmark and Green Bank want to hold Target and Trustwave liable for losses incurred on account of its failure to address payment card security, as well as for its negligence and violations of other state consumer laws, but neither Target nor Trustwave spokespeople have shared a comment on the case.