• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Security Vendor Trustwave Named In Target Suit

March 26, 2014

Views: 1,138

You might remember earlier in March, the Target CIO resigned due to the huge breach in December last year.

Now in an unprecedented move, the banks are suing Target’s security vendor – Trustwave. It’s a class-action suit accusing them of failing to detect the breach. It seems a bit of a stretch though, there’s no such thing as 100% as we all know, holding the security vendor responsible in this case seems a little unfair.

Trustwave

Security vendor Trustwave was accused in a class-action suit of failing to detect the attack that led to Target’s data breach, one of the largest on record.

Target, which is also named as a defendant, outsourced its data security obligations to Trustwave, which “failed to live up to its promises or to meet industry standards,” alleged the suit, filed Monday in U.S. District Court for the Northern District of Illinois.

Plaintiffs Trustmark National Bank of New York and Green Bank of Houston claim Target and Trustwave failed to stop the theft of 40 million payment card details and 70 million other personal records.

The lawsuit, one of dozens filed against Target, illustrates the growing frustration of banks burdened with the costs of reissuing compromised cards and their willingness to pull in other companies viewed as culpable into legal battles.

Support agreements between companies and security vendors are often confidential, and it was not clear from the suit how the banks determined Trustwave was one of Target’s contractors.

A Trustwave spokeswoman said Tuesday via email the company doesn’t confirm its customers or comment on pending legal matters. Target also said it also does not comment on pending litigation.

Everything factual seems to be legally shielded at the moment, as I would expect with any type of infosec related vendor. There will be NDAs in place and Trustwave have already stated that it’s against their policy to acknowledge who their clients are.

Also details about lawsuits don’t tend to come out until all parties are satisfied and the discussions are over.

The suit contends Target retained Trustwave to monitor its computer systems and ensure compliance with PCI-DSS, an industry security recommendation pushed by MasterCard and Visa to protect cardholder data from leaking.

Trustwave claims on its website to provide guidance to millions of businesses for compliance with PCI standards with testing and assessment teams.

Trustwave scanned Target’s network on Sept. 20, 2013 and told Target no vulnerabilities were found, the suit alleges.

Target has said it believed attackers stole the data between Nov. 27, 2013, and Dec. 15, 2013, via malicious software installed on point-of-sale devices.

The malware collected unencrypted payment card details after a card was swiped and briefly held in a computer’s memory, capitalizing on a unknown weakness despite years of efforts to harden payment systems.

U.S. banks have spent more than US$172 million reissuing cards, the suit said, citing figures from the Consumer Banker Association. The total cost of the breach to retailers and banks could exceed $18 billion, the suit claims.

The suit, which asks for a jury trial, seeks unspecified compensatory and statutory damages.

I don’t really think Trustwave is at fault here, from what I understand they are simply conducting PCI compliance scans. Which doesn’t cover any kind of deep, long term attack like this.

It covers basic, off the shelf, non zero-day vulnerabilities in software and web services. I think we’ll have to wait a little longer to get more details.

Source: Network World

Share
Tweet
Share20
Buffer
WhatsApp
Email
20 Shares

Filed Under: Legal Issues



Reader Interactions

Comments

  1. John Otte says

    March 27, 2014 at 2:51 am

    Trustwave finally gets what it deserves. It is a well known fact that they have been too tightly integrated and associated with the PCI Standards Council and that they “Rubber Stamp” Reports on Compliance. I am glad they are finally called to be accountable for once.

    • Darknet says

      April 3, 2014 at 5:32 pm

      Not being so familiar with what goes on in the US market, I can’t say that’s surprising.

  2. richard m says

    March 28, 2014 at 1:21 am

    Other coverage claims trustwave was providing managed IDS and did not notice breach for three weeks, which makes more sense as grounds for suit

    • Darknet says

      April 3, 2014 at 5:32 pm

      Ah, a managed IDS situation would be more cause for concern, and yes a grounds for a suit if there was indeed something ignored/overlooked.

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

Falco - Real-Time Threat Detection for Linux and Containers

Falco – Real-Time Threat Detection for Linux and Containers

Views: 301

Security visibility inside containers, Kubernetes, and cloud workloads remains among the hardest … ...More about Falco – Real-Time Threat Detection for Linux and Containers

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Views: 594

As threat surfaces grow and attack sophistication increases, many security teams face the same … ...More about Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

Views: 556

With more businesses running Linux in production—whether in bare metal, VMs, or containers—the need … ...More about Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

SUDO_KILLER - Auditing Sudo Configurations for Privilege Escalation Paths

SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Views: 594

sudo is a powerful utility in Unix-like systems that allows permitted users to execute commands with … ...More about SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 451

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 677

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (228)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (235)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,297,617)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,103)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,638)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,691)
  • Password List Download Best Word List – Most Common Passwords (933,521)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,170)
  • Hack Tools/Exploits (673,298)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,183)

Search

Recent Posts

  • Falco – Real-Time Threat Detection for Linux and Containers May 19, 2025
  • Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance May 16, 2025
  • Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked) May 14, 2025
  • SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths May 12, 2025
  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy