PYMNTS-MonitorEdge-May-2024

Trustwave Sued For Breach Investigation ‘Failure’

Shutterstock

Data protection and security company Trustwave is being sued by Affinity Gaming for allegedly being unable to mitigate a cyberattack that negatively impacted its business, ZDNet reported Monday (Jan. 18).

The cybersecurity firm was hired by Affinity Gaming after the casino operator fell victim to a data breach that compromised the personal information of nearly 300,000 Affinity customers. The lawsuit accuses Trustwave of allowing another cyberattack to take place while it was charged with investigating and containing the impact of the initial breach. Rather than identifying the threat, Affinity Gaming said the cybersecurity company missed the attack and said all threats were neutralized.

“Shortly after Trustwave’s engagement ended and after Trustwave had promised that the data breach had been ‘contained’ and the suspected backdoor(s) ‘inert,’ Affinity Gaming learned that its data systems still were compromised,” the documents outlining the lawsuit stated.

The documentation goes on to state that a probe into the security breach by Ernst & Young in 2014 resulted in the identification of suspicious ongoing activity from a malware program that Trustwave said it addressed during its investigation in 2013.

“This litigation demonstrates that as the law of data privacy and security continues its lightning-fast evolution, so does litigation in this area,” Joseph DeMarco, a data privacy lawyer who is not involved in the case, told Financial Times, adding that the standards to which cybersecurity companies are held are rapidly changing. “I expect to see more of these cases as more and more breaches are investigated, sometimes in ways that the victim is not satisfied with.”

Affinity used $1.2 million of its $5 million cyberinsurance policy in order to address the security breach, but the company is only seeking $100,000 in damages in its litigation against Trustwave, ZDNet confirmed.

Trustwave continues to deny any fault or wrongdoing in the matter, stating: “We dispute and disagree with the allegations in the lawsuit, and we will defend ourselves vigorously in court.”

PYMNTS-MonitorEdge-May-2024