Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 29 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Trustwave CEO refutes legal "baseless allegations”

by The Gurus
March 31, 2014
in Editor's News
Share on FacebookShare on Twitter

Trustwave has said that legal claims in regard to its involvement with the Target breach are without merit.
 
According to a statement posted online by chief executive Robert McCullen, the company said it is looking “forward to vigorously defending ourselves in court against these baseless allegations”.
 
He said: “As some of you may know, Trustwave was recently named as a defendant in lawsuits relating to the data security breach that affected Target stores in late 2013.
 
“Contrary to the misstated allegations in the plaintiffs’ complaints, Target did not outsource its data security or IT obligations to Trustwave. Trustwave did not monitor Target’s network, nor did Trustwave process cardholder data for Target. Our customers and business partners can continue to expect the quality and dedicated service Trustwave has provided them for almost 20 years.”
 
The complaint appeared last week, claiming that Target and Trustwave failed their duties to 110 million customers, and as Target outsourced its data security obligations to Trustwave, the ruling stated that this “failed to bring Target’s systems up to industry standards”.
 
The compliant said that Trustwave scanned the Target systems in September 2013 and told them that there were no vulnerabilities in their computer systems. However, reports found that Target kept credit and debit card data on its servers for six full days before hackers transmitted the data to a separate webserver outside of Target’s network because of vulnerabilities in their security systems that were “either undetected or ignored by Trustwave”.
 
It also said that Trustwave provided round-the-clock monitoring services to Target, which was intended to detect intrusions into Target’s systems and compromises of PII or other sensitive data. However, the data breach continued for nearly three weeks on Trustwave’s watch.
 
The banks who brought the action allege that they lost money from alerting customers to the breach, reimbursing fraudulent charges and reissuing cards. Those losses could increase if criminals ultimately use several million stolen cards as some analyst’s project, according to Reuters.
 
While the complaint seeks unspecified damages of at least $5 million, New York-based Trustmark and Houston-based Green Bank said losses could top $1 billion for card issuers they hope to represent in a class action, and $18 billion for banks and retailers combined.
 
Commenting, Ilia Kolochenko, CEO of High-Tech Bridge, said: “This is a very interesting case actually, as it’s not only the victim [Target] who is being sued for negligence but also their IT security auditor. I don’t think that we can accuse Trustwave of being responsible for the data breach, as they were performing security testing and auditing in accordance to the PCI DSS standard (at least this is what being said).
 
“Several years ago, I notified the PCI Council about vulnerabilities (including a critical one) on its own website. Obviously, PCI DSS standard is continuously improving, but I think that practically speaking it’s still far from being perfect today. This is why when a customer asks a security company to perform just a standard PCI DSS audit; we cannot blame the security company.”

FacebookTweetLinkedIn
Tags: data breachLegal
ShareTweetShare
Previous Post

88 per cent change their cloud buying behaviour post Snowden

Next Post

Nottingham Trent University selects ForeScout CounterACT to improve network visibility and end user experience

Recent News

Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023
Lupovis eliminates false positive security alerts for security analysts and MSSPs

Lupovis eliminates false positive security alerts for security analysts and MSSPs

January 26, 2023
Threat actors launch one malicious attack every minute

Threat actors launch one malicious attack every minute

January 25, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information