Trustwave sued by banks over Target hack -- report

The lawsuit argues that security firm Trustwave failed to identify and address security issues in the retailer's technology.

Don Reisinger
Former CNET contributor Don Reisinger is a technology columnist who has covered everything from HDTVs to computers to Flowbee Haircut Systems. Besides his work with CNET, Don's work has been featured in a variety of other publications including PC World and a host of Ziff-Davis publications.
Don Reisinger
2 min read


Customers aren't the only ones still dealing with fallout from the Target hack. Two banks have reportedly filed a lawsuit against Trustwave, claiming the security firm didn't do enough to stop the Target data breach.

Trustmark National Bank and Green Bank N.A. have sued Trustwave, arguing that the company, which provides security services for the payment card industry, failed to identify holes in Target's secure servers, banking-industry-tracker American Banker reported on Tuesday. The lawsuit also claims that Trustwave reassured the mega-retailer that it had nothing to fear about hacks or data breaches, according to the report.

The banks are seeking class-action status and damages of more than $5 million in the suit, which also names Target as a defendant, reported American Banker.

Target last year was hit with a massive data breach during the holiday season that compromised more than 40 million credit and debit cards. Target subsequently announced that an additional 70 million people had personal information stolen in the breach. Banking associations also estimated that the hack cost banks and credit unions more than $200 million.

Trustwave claims to have certified more companies on Payment Card Industry (PCI) Data Security than any other firm in its industry. PCI standards are extremely important in data security and guide companies on protocol to safeguard credit and debit cards from data theft.

According to American Banker, the lawsuit, which was filed in the Chicago US District Court on March 24, alleges that Target might not have been compliant with PCI standards at the time of last year's breach, but Trustwave still reassured the company that it wasn't at risk of any breach.

Banks have been hit hard in the data breach. According to the lawsuit, Trustmark and Green Bank will spend $172 million reissuing credit and debit cards. Banks also need to reimburse affected consumers for all fraudulent charges, pushing their costs even higher.

CNET has contacted Trustwave for comment on the lawsuit. We will update this story when we have more information.