Casino sues cybersecurity firm for ‘woefully inadequate’ investigation
By Erin E. Harrison, From Editor in Chief, Legaltech News
Affinity Gaming filed a lawsuit against Trustwave alleging the firm’s work was ‘grossly negligent’ data breach investigation involving 300,000 customers.
A Las Vegas casino operator that filed a lawsuit against a cybersecurity firm the company hired in the wake of a 2013 data breach may be paving the way for other businesses to take contracted cybersecurity companies to court.
Trustwave, which is based in Chicago, was hired by Affinity Gaming to investigate a hack that exposed the details of credit cards belonging to as many as 300,000 customers, who used them at restaurants, hotels and gift shops on its casino properties.
“At the conclusion of its investigation, Trustwave represented to Affinity Gaming that the data breach was ‘contained’ and purported to provide recommendations for Affinity Gaming to implement that would help fend off future data attacks,” according to the lawsuit filed in U.S. district court in Nevada on Dec. 24.
After Trustwave’s initial investigation concluded in 2013, Affinity Gaming later learned that it had suffered an ongoing data breach, which led the gaming company to retain a second data security consulting firm, Mandiant.
“Mandiant’s forthright and thorough investigation concluded that Trustwave’s representations were untrue, and Trustwave’s prior work was woefully inadequate,” the lawsuit said.
In a statement emailed to Legaltech News, Cas Purdy, a Trustwave spokesperson said: “We dispute and disagree with the allegations in the lawsuit, and we will defend ourselves vigorously in court.”
The case is among the first of its kind where a client challenges a cybersecurity company over the quality of its investigation following a hack.
Affinity Gaming is seeking at least $100,000 in damages from Trustwave as well as a “declaration that Trustwave is liable to Affinity Gaming for any and all future losses or injuries arising from Trustwave’s misconduct.” The gaming company said it has used $1.2 million of a $5 million cyber insurance policy to handle expenses related to the breach, the Financial Times reported.
A representative for Affinity Gaming declined to comment on the case. The company operates 11 casinos in the U.S.—five in Nevada, three in Colorado, two in Missouri, and one in Iowa.
On its website, Trustwave says it “helps businesses fight cybercrime, protect data and reduce security risk.”
Earlier this month, Trustwave announced that IT research firm Gartner positioned Trustwave in the “challengers” quadrant in the “Gartner Magic Quadrant for Managed Security Services, Worldwide,” a report that evaluated 14 different global managed security service providers (MSSPs) on several criteria.
IMAGE: ©iStock.com/akindo
