Former Customer Sues Trustwave Over “Inadequate” Security Investigation


A former customer of Trustwave is suing the security company for $100,000 in damages after it allegedly missed a breach during an investigation into a cybersecurity incident.

The lawsuit has been filed by Affinity Gaming in Nevada, which owns several casinos in the state, according to a report by ZDNet on Monday. Trustwave was hired by the company in 2003 to investigate and mitigate a data breach that exposed data of up to 300,000 customers.

Trustwave denies the allegations and said that it will defend itself “vigorously in court.” As ZDNet reports, “there have been no other documented case where this third party would become embroiled in a legal battle in how they handled and contained a security issue.”

Affinity Gaming said that it had been told the data breach was contained and the suspected backdoors inert, but it learned that its systems were still compromised when it hired Ernst & Young to perform penetration testing to comply with new regulations from the Missouri Gaming Commission. The testing revealed ongoing malware activity, according to Affinity Gaming, which it believes Trustwave should have caught.


The company said it then hired Mandiant to conduct a “thorough investigation” which concluded that “Trustwave’s work was woefully inadequate.”

“Mandiant’s investigation initially focused on a period of attacker activity between December 6, 2013 and April 27, 2014. The scope of the investigation expanded to include the ‘previous’ data breach that had occurred between March and October, 2013 – the data breach Trustwave supposedly had investigated – after Mandiant determined that Trustwave had failed to identify the entire extent of the breach.”


One Comment

  1. I would be interested to know if all parties had the same access to information and data. Out of curiosity, what OS was being used by the former client?