-
The latest investigation into the massive data breach at Target has found that hackers entered the retailer's network by stealing a vendor's password and then patiently waited until the busy holiday season to strike.
February 11 -
The security vendor Trustwave has been accused of failing to identify security gaps at Target, according to a lawsuit filed by banks for damages suffered from the holiday season data breach.
March 25 -
Many times, it seems, the best way for a company to learn whether it was compliant with the Payment Card Industry data security standard is to experience a data breach.
March 28
One of the two banks suing retailer Target and security vendor Trustwave in connection with the retailer's high-profile data breach has backed off.
Trustmark National Bank filed a
Trustmark and Green Bank
But Trustwave says that it too had nothing to do with the breach. The company did not provide data security services to Target, Trustwave Chief Executive Robert McCullen said in an
"Contrary to the misstated allegations... Target did not outsource its data security or IT obligations to Trustwave," McCullen wrote. "Trustwave did not monitor Target's network, nor did Trustwave process cardholder data to Target."
It was not clear why Trustmark and Green Bank believed there was basis to name Trustwave as a defendant in the case. Lawyers for the two lenders did not immediately return calls seeking comment.
Hackers stole payment card information from 40 million credit and debit cards over the course of two weeks in November and December, along with other personal information from 70 million customer records. Investigators have said that hackers cracked Target's network by
The lawsuit filed by Trustmark and Green Bank claims that Target failed to prioritize data safety, leaving its system vulnerable to the attack. It also claims that the retailer outsourced data security duties to Trustwave, relying on the vendor to ensure that its systems met Payment Card Industry Data Security Standard requirements. The requirements outline the steps companies must take in order to prevent the theft of payment card data.
Trustwave declined to comment further on the case. Target also declined to comment.