The Latest in IT Security

Responding to Lawsuit, Trustwave Says Did Not Monitor Target’s Network


After recently being named as a defendant in a lawsuit related to the massive data breach that hit Target Corp. late last year, Trustwave’s top executive has said the claims against the firm are without merit and that the company would vigorously defend itself against what he calls “baseless allegations”.

The complaint, filed March 24 on behalf of a number of financial institutions, names both Target and Trustwave and accuses the security company of failing to protect Target’s systems.

In the compliant, the banks state Trustwave was hired by Target to protect and monitor the retailer’s systems, and that the security vendor scanned Target’s systems on Sept. 20, 2013, and found no vulnerabilities were present. Because of vulnerabilities in Target’s network however, millions of payment card records were stolen, according to the complaint, which asks for unspecified damages.

“Contrary to the misstated allegations in the plaintiffs complaints, Target did not outsource its data security or IT obligations to Trustwave,” Trustwave’s CEO, Robert McCullen,wrote in a letter to customers posted to the company’s website March 29.

“Trustwave failed to live up to its promises, or to meet industry standards,” the complaint said. “Trustwave’s failings, in turn, allowed hackers to cause the Data Breach and to steal Target customers’ PII and sensitive payment card information. In addition, Trustwave failed to timely discover and report the Data Breach to Target or the public.

McCullen argues that this is not the case and that it was not responsible for protecting Target’s data.

“Trustwave did not monitor Target’s network, nor did Trustwave process cardholder data for Target,” McCullen added.

WhileMcCullendenied the allegations, he did not mention any relationship with Target or any services that were provided to the retail giant. ATrustwave spokesperson previously told SecurityWeek that the company does not comment on pending litigation or confirm the identities of customers.


Managing Editor, SecurityWeek.Previous Columns by Mike Lennon:Responding to Lawsuit, Trustwave Says Did Not Monitor Targets NetworkFireEye Report Analyzes Zero-day Attacks of 2013Google Says Public DNS Intercepted by ISPs in TurkeyRapid7 Pushes Defense Prioritization, Segmentation Testing In Latest Product UpdatesCybercrime Fighter ThreatMetrix Raises $20 Million in Series E Funding

sponsored links


Incident Management

Management Strategy

Comments are closed.



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments