Update on the Target/Trustwave suit: Trustwave will vigorously defend its corner
On Friday I reported on the complaint against Trustwave over the Target breach. I criticised Trustwave for both assessing and then monitoring Target. This was an assumption based on the court documents, which state:
Trustwave scanned Target’s computer systems on Sept. 20, 2013, and told Target that there were no vulnerabilities in Target’s computer systems. Trustwave also provided round-the-clock monitoring services to Target, which monitoring was intended to detect intrusions into Target’s systems and compromises of PII or other sensitive data. In fact, however, the data breach continued for nearly three weeks on Trustwave’s watch.
In fact Trustwave did not monitor Target’s networks. CEO Robert J. McCullen yesterday issued an open letter to customers. He said that the lawsuit is without merit, and “we look forward to vigorously defending ourselves in court against these baseless allegations.”
Contrary to the misstated allegations in the plaintiffs’ complaints, Target did not outsource its data security or IT obligations to Trustwave. Trustwave did not monitor Target’s network, nor did Trustwave process cardholder data for Target.
A Letter To Our Valued Customers — Robert McCullen