The complaint states that “Trustwave scanned Target’s computer systems on September 20, 2013 and told Target that there were no vulnerabilities in Target’s computer systems. … To the contrary, however, and as reported by The New York Times, Target kept credit and debit card data on its servers for six full days before hackers transmitted the data to a separate Web server outside of Target’s network. Because of these vulnerabilities in Target’s security systems — either undetected or ignored by Trustwave — hackers were able to take 40 million Payment Card records, encrypted PINs, and 70 million records containing Target customer information over the course of two weeks.”
“Additionally, on information and belief, Trustwave also provided round-the-clock monitoring services to Target, which monitoring was intended to detect intrusions into Target’s systems and compromises of PII or other sensitive data,” the complaint adds. “In fact, however, the Data Breach continued for nearly three weeks on Trustwave’s watch.”
Both Trustwave and Target told SC Magazine that it’s against their policies to discuss pending litigation.