Affinity Gaming Sues Trustwave for Failing to Stop Data Breach
Affinity Gaming has filed a lawsuit against Trustwave due to the firm’s alleged mishandling of a security breach that had exposed the data of up to 300,000 Affinity customers.
According to the Complaint, the casino operator hired Trustwave in October 2013 to “investigate, diagnose and help remedy” the security breach.
After the investigation, Affinity claims Trustwave reported that “the data breach was contained,” and Trustwave provided “recommendations for Affinity Gaming to implement that would help fend off future data attacks.”
Affinity soon discovered that a second cyberattack had occurred while Trustwave was analyzing the first, and claims the security firm missed this attack. Affinity hired a second security consulting firm, Mendicant, that concluded Trustwave’s efforts had been “woefully inadequate.”
This is a landmark lawsuit since it could potentially create new liability options regarding cybersecurity, cyberattacks and data breaches. Until now, breached companies have worked alone to appease customers, and have accepted any financial loss. This court case could make third-party cybersecurity specialists liable for cyberattack losses.
A Trustwave spokesperson told ZDNet the company denies negligence, and “we dispute and disagree with the allegations in the lawsuit and we will defend ourselves vigorously in court.”
Affinity has already used $1.2 million of a $5 million cyberinsurance policy on this breach. It has sued Trustwave for $100,000 in damages.