A Las Vegas Casino Sues IT Security Firm Trustwave For Its “Bad” Investigation.
In a landmark case, the cybersecurity is being taken to task for how the firm allegedly handled a casino operators data breach.
Trustwave: Trustwave is an information security company that helps business customers to fight with cybercrime, protect data and reduce security risk. It helps other businesses to transform the way they manage their information security with their own integrated technologies and with a group of security experts, ethical hackers and researchers they have.
Affinity Gaming: Previously known as Herbst Gaming is a casino operator that operates five casinos in Nevada, 3 in Colorado, 2 in Missouri, and 1 in Iowa.
After a network breach, it suffered the Affinity Gaming (a Las Vegas casino firm) has sued the IT security firm Trustwave for its intense investigation. They questioned them about that because due to this investigation it resulted in the theft of credit card data and the result was in front of them it let the thieves maintain their foothold even during the period when their investigation was going.
The lawsuit was filed in the US District Court in Nevada by the Casino firm against Trustwave because this is among one of the cases where a client sued a cyber security firm due to its lack of quality in the investigation.
To assess and to clean up the computers security firm was hired by the casino operator at the end of 2013. Cyber criminals can easily get more than 300.000 credit cards belonging to all the Affinity gaming clients.
In January 2014, Trustwave made a report that they had identified the source of the breach, and they had also found the malware that the breach contained. But a year later the casino operator got a second breach, where almost all payment cards were stolen.
And for the investigation of it, casino operator hired Mandiant, the experts of the firm discovered that the malware was not fully removed by the Trustwave. Due to which casino operator had demanded an amount of $100,000 in damages to Trustwave.
According to the report of Mandiant, the attacker accessed at least 93 systems out of which on 76 he deployed credit card malware among which 12 were Payment Card Industry which Trustwave was specially told to inspect.
According to the lawsuits filed on Trustwave in December claims that
“Hiring a firm with the proper data breach response expertise, such as Trustwave held itself out to be, was of paramount importance for Affinity Gaming…Affinity isn’t an IT security firm and lacks the level of expertise.”
“With respect to the apparent data breach, Affinity Gaming was wholly dependent on and subordinate in terms of its understanding, knowledge, and capabilities, to Trustwave, relying on [it] to diagnose, investigate, and prescribe appropriate measures to address.”
“Mandiant’s forthright and thorough investigation concluded that Trustwave’s representations were untrue, and Trustwave’s prior work was woefully inadequate. In reality, Trustwave lied when it claimed that its so-called investigation would diagnose and help remedy the data breach when it represented that the data breach was “contained,” and when it claimed that the recommendations it was offering would address the data breach. Trustwave…failed to identify the means by which the attacker had breached Affinity Gaming’s data security. Thus, Trustwave could not in good faith have made the foregoing representations to Affinity Gaming.”
Trustwave spokesperson told that they disagree with allegations and they will defend themselves vigorously in court.