SC Breach Lawsuit Expands to Include Security Firm Trustwave


The class action lawsuit targeting South Carolina Governor Nikki Haley and the South Carolina Department of Revenue over a recent security breach has been expanded to include security company Trustwave and the Division of State Information Technology (DSIT).

"The state hired the managed security service provider in 2005 to secure its databases," writes Threatpost's Anne Saita. "Trustwave, an international company based in Chicago, specializes in compliance tools offered through MSSP or cloud-based services. It did not release a statement in response to its inclusion in the lawsuit."

"It’s in the crosshairs of the suit, according to the plaintiffs, because it failed to prevent the heist, in which international hackers made off with 3.6 million personal income tax returns, 387,000 credit and debit card numbers and up to 657,000 business filings. ... Meanwhile, DSIT neglected its duty by allowing its functions to be outsourced to a third party, the suit alleges," Infosecurity reports.

"'This is a huge development, because we learn for the first time that a large, multinational corporation had assumed the responsibility for securing this data,' Upstate attorney John Hawkins said in announcing his amended lawsuit against the state, which he hopes will be designated class-action status representing each of 3.6 million residents whose Social Security numbers have been compromised," writes Greenville Online's Eric Connor. "'This case is no longer just about suing state government,' Hawkins said. 'It’s become much bigger.'"

"The discovery stage of the lawsuit should begin in the near future, Hawkins said," write WLTX's Derry London and Nate Stewart.