Affinity Gaming Sues Cybersecurity Firm Over Data Breach in Landmark Case
One of the most important jobs that cybersecurity firms are tasked with is protecting information from hackers. Now, a landmark case will determine whether an IT company is responsible for negligently putting a casino’s customers at risk of identity theft.
According to CalvinAyre.com, casino company Affinity Gaming is accusing Chicago-based IT firm Trustwave of failing to “adequately investigate and remedy a data breach.”
Affinity Gaming filed a lawsuit against the IT company in the U.S. District Court of Nevada. The lawsuit states that Trustwave was hired to investigate a cyber-attack on Affinity’s payment cards system.
Two months after being hired, Trustwave notified the Las Vegas-based gaming enterprise that the breach was “contained.” Affinity Gaming then employed data security firm Mandiant to perform a separate investigation into the matter, which revealed that the breach was not contained.
“While Trustwave had concluded that the last data breach activity occurred in October 2013, Mandiant’s investigation revealed that these persons/organizations again compromised Affinity Gaming’s data in December 2013, while Trustwave’s supposed investigation and remediation efforts were still ongoing,” Affinity Gaming stated in the lawsuit.
Affinity Gaming is asking for more than $99,294 in compensation and $297,883 in punitive damages. The case is expected to have a dramatic impact on the way that IT companies are held culpable for their actions.
Industry experts and experienced IT firms maintain that this is an isolated incident, adding that Trustwave should be expected to pay for its gross negligence towards Affinity’s data breach. According to SC Magazine, other IT experts are giving Trustwave the benefit of the doubt until more information is released.
Fred Kost, a security expert at HyTrust, believes it’s possible that the breach was indeed contained at the time of Trustwave’s report. If true, this would mean that other unforeseen compliance issues caused Affinity’s information to be compromised, rather than incompetence on the part of Trustwave.
In an email to SC Magazine, a Trustwave spokesperson said the company vehemently disagreed “with the allegations in the lawsuit, and we will defend ourselves vigorously in court.”
Thus far, Affinity Gaming has refused public comment regarding the lawsuit.