A former customer of Trustwave is suing the security company for $100,000 in damages after it allegedly missed a breach during an investigation into a cybersecurity incident.
The lawsuit has been filed by Affinity Gaming in Nevada, which owns several casinos in the state, according to a report by ZDNet on Monday. Trustwave was hired by the company in 2003 to investigate and mitigate a data breach that exposed data of up to 300,000 customers.
Trustwave denies the allegations and said that it will defend itself “vigorously in court.” As ZDNet reports, “there have been no other documented case where this third party would become embroiled in a legal battle in how they handled and contained a security issue.”
Affinity Gaming said that it had been told the data breach was contained and the suspected backdoors inert, but it learned that its systems were still compromised when the company hired Ernst & Young to perform penetration testing to new regulations from the Missouri Gaming Commission. The testing unveiled ongoing activity from malware, according to Affinity Gaming, which it believes Trustwave should have caught.
“Mandiant’s investigation initially focused on a period of attacker activity between December 6, 2013 and April 27, 2014. The scope of the investigation expanded to include the ‘previous’ data breach that had occurred between March and October, 2013 – the data breach Trustwave supposedly had investigated – after Mandiant determined that Trustwave had failed to identify the entire extent of the breach.”