International Cyber Expo International Cyber Expo
  • About Us
Tuesday, 14 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Trustwave CEO refutes legal "baseless allegations”

by The Gurus
March 31, 2014
in Editor's News
Share on FacebookShare on Twitter

Trustwave has said that legal claims in regard to its involvement with the Target breach are without merit.
 
According to a statement posted online by chief executive Robert McCullen, the company said it is looking “forward to vigorously defending ourselves in court against these baseless allegations”.
 
He said: “As some of you may know, Trustwave was recently named as a defendant in lawsuits relating to the data security breach that affected Target stores in late 2013.
 
“Contrary to the misstated allegations in the plaintiffs’ complaints, Target did not outsource its data security or IT obligations to Trustwave. Trustwave did not monitor Target’s network, nor did Trustwave process cardholder data for Target. Our customers and business partners can continue to expect the quality and dedicated service Trustwave has provided them for almost 20 years.”
 
The complaint appeared last week, claiming that Target and Trustwave failed their duties to 110 million customers, and as Target outsourced its data security obligations to Trustwave, the ruling stated that this “failed to bring Target’s systems up to industry standards”.
 
The compliant said that Trustwave scanned the Target systems in September 2013 and told them that there were no vulnerabilities in their computer systems. However, reports found that Target kept credit and debit card data on its servers for six full days before hackers transmitted the data to a separate webserver outside of Target’s network because of vulnerabilities in their security systems that were “either undetected or ignored by Trustwave”.
 
It also said that Trustwave provided round-the-clock monitoring services to Target, which was intended to detect intrusions into Target’s systems and compromises of PII or other sensitive data. However, the data breach continued for nearly three weeks on Trustwave’s watch.
 
The banks who brought the action allege that they lost money from alerting customers to the breach, reimbursing fraudulent charges and reissuing cards. Those losses could increase if criminals ultimately use several million stolen cards as some analyst’s project, according to Reuters.
 
While the complaint seeks unspecified damages of at least $5 million, New York-based Trustmark and Houston-based Green Bank said losses could top $1 billion for card issuers they hope to represent in a class action, and $18 billion for banks and retailers combined.
 
Commenting, Ilia Kolochenko, CEO of High-Tech Bridge, said: “This is a very interesting case actually, as it’s not only the victim [Target] who is being sued for negligence but also their IT security auditor. I don’t think that we can accuse Trustwave of being responsible for the data breach, as they were performing security testing and auditing in accordance to the PCI DSS standard (at least this is what being said).
 
“Several years ago, I notified the PCI Council about vulnerabilities (including a critical one) on its own website. Obviously, PCI DSS standard is continuously improving, but I think that practically speaking it’s still far from being perfect today. This is why when a customer asks a security company to perform just a standard PCI DSS audit; we cannot blame the security company.”

Tags: data breachLegal
ShareTweet
Previous Post

88 per cent change their cloud buying behaviour post Snowden

Next Post

Nottingham Trent University selects ForeScout CounterACT to improve network visibility and end user experience

Recent News

Black Duck Adds AI-Powered Triage and CRA-Ready Checks to Coverity Static Analysis

Black Duck Adds AI-Powered Triage and CRA-Ready Checks to Coverity Static Analysis

July 14, 2026
AI Appreciation Day: Celebrating Progress, Embracing Responsibility

AI has crossed from assistant to operator, Check Point research warns

July 14, 2026
Q&A: Cyber’s Headed Back to the CSIDES

Q&A: Cyber’s Headed Back to the CSIDES

July 13, 2026

UK Cyber Attacks Climb 34% as Ransomware Leadership Shifts, Check Point Research Reveals

July 13, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol