Subscribe to Breaking News emails

You have successfully subscribed to the Breaking News email.

Subscribe today to be the first to to know about breaking news and special reports.

Target, Security Auditor Trustwave Sued Over Data Breach

/ Source: Reuters
Image: FILE: Amount Of Stolen Data From Target Twice The Size Of Previous Estimates
Two banks are suing Target and Trustwave Holdings, which provides credit card security services, for "monumental" losses they say they will face because of the retailer's holiday season data breach.Joe Raedle / Getty Images, file

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.

Two banks are suing Target and Trustwave Holdings, which provides credit card security services, for "monumental" losses they say card issuers will face because of the retailer's holiday season data breach.

In a complaint filed Monday in Chicago federal court, Trustmark National Bank and Green Bank NA accused the defendants of failing to properly secure customer data, enabling the theft of about 40 million payment card records plus 70 million other records, including addresses and phone numbers.

Image: The sign outside the Target store in Arvada
Target and Trustwave Holdings are being sued by two banks over the holiday season data breach.RICK WILKING / Reuters

The banks said they lost money from alerting customers to the breach, reimbursing fraudulent charges and reissuing cards. These losses could increase, they said, if criminals ultimately use several million stolen cards as some analysts project.

While the complaint seeks unspecified damages of at least $5 million, New York-based Trustmark and Houston-based Green Bank said losses could top $1 billion for card issuers they hope to represent in a class action, and $18 billion for banks and retailers combined.

Target already faces dozen of lawsuits over the breach. Monday's case may be the first to focus on Trustwave, a privately held Chicago-based company to which the banks said Target had outsourced some data security services.

Molly Snyder, a Target spokeswoman, said the retailer did not discuss pending litigation. Trustwave spokeswoman Abby Ross said that company had a policy of not confirming its customers' identities or discussing pending legal matters.

In a Tuesday report issued ahead of a Senate committee hearing on protecting consumer data from cyber attacks, Senate staffers said Target "missed a number of opportunities" to stop the breach.

According to the lawsuit, Minneapolis-based Target knew as early as 2007 that its systems were vulnerable but resisted making improvements, in part to keep costs down. It ultimately outsourced data security to Trustwave.

Despite advertising its "deep expertise" in payment card industry compliance, however, Trustwave failed to bring Target's computer systems up to industry standards and as late as Sept. 20 found "no vulnerabilities," the complaint said.

"The damage done to the banks and the other class members is monumental," the lawsuit said.

-The Associated Press

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.
MORE FROM news