Feeds

back to article Banks lob sueball at Trustwave, Target over breach

A group of banks has filed a class action lawsuit against Target over its recent data breach, and has named security company Trustwave as a co-defendant. The late-2013 security breach resulted in at least 40 million customers' credit cards being compromised, after a Maryland contractor's systems provided a bridge into the retail …

COMMENTS

This topic is closed for new posts.
Bronze badge

Target

I hope this sueball breaks Target, it deserves to be made an example. To all those CEOs who think "outsourcing will take care of security".

5
1
Roo
Silver badge

Re: Target

"I hope this sueball breaks Target, it deserves to be made an example. To all those CEOs who think "outsourcing will take care of security"."

Careful what you wish for. All those folks who are out of jobs as a result of Target failing will look for jobs elsewhere. Those same could end up looking after your bank account... :)

0
0
Bronze badge

Hit em where it hurts.

I'm not naive. Companies don't care about security any more than they care about toilet paper - it's an expense but they need to have some, so they buy the cheapest 'solution' possible and call it quits. Pleas to 'do the right thing' or 'concern for the customers' wellbeing' (AFTER they've handed over their cash) won't get the job done.

However, making lack of security expensive. Yeah. That'll do it. A billion dollar plus judgement and we'll see every Target becoming a quantum-encrypted, air-gapped fortresses, with armed and flak-jacketted paramilitary types guarding every terminal and comms cupboard.

5
0

The underlying problem is,,,

That the day-to-day business operations of these really big retail companies with lots and lots of customers are all about really big IT systems processing big amounts of sensitive data.

Because IT is at the heart of these businesses, you would think they'd have at least one main board director with fundamental IT systems knowledge and expertise.

That problem for the company with a main board IT director is that is that they cannot (or it makes it more difficult for them to) claim ignorance as a defence and lay off responsibility to more junior IT bods or third party service providers / contractors when this kind of event takes place.

1
0
Silver badge

Re: The underlying problem is,,,

No, the real problem with these sorts of operations is that they are run by the same sort of people who'd put a penny in a fuse box because it wouldn't burn out.

2
0
Silver badge
Holmes

Re: The underlying problem is,,,

Because IT is at the heart of these businesses, you would think they'd have at least one main board director with fundamental IT systems knowledge and expertise.

But then, they'd need someone senior to that IT director to check to see if the candidates were just spouting a line of BS, or if they really knew what they were talking about.

It's a never-ending cycle of people knowing just enough to sound like they know what they're doing, when in fact, all they need to know is a few choice nuggets that their boss doesn't understand.

0
0
Silver badge
FAIL

"Trustwave"...

... the people who use Flash to run their website...

0
0
Anonymous Coward

Trustwave named in the sueball

What, the banks don't know what a scam PCI compliancy really is?

1
0
Silver badge
Unhappy

Costs have already reached $172M

...in re-issuing cards alone, with perhaps $US1 billion in the longer-term costs of fraudulent transactions resulting from the breach.

My bank's fees will shortly be increasing, then.

0
0

PCI is a bandaid for the real problem

I think we should fix the root cause which is the credit card system itself it needs to be replaced with some other system. We need a more secure credit system.

Example. An app on your phone that you have to login to that connects to your bank that you have to use to approve the use of your credit card before you use it. If you dont approve it before hand then it is declined. That way if they get your credit card information they cant use it. Some form of two factor authentification for credit cards.

The banks should eat this as a lesson that they need to replace this system.

1
1

Re: PCI is a bandaid for the real problem

You mean like the Barclays PINSentry for example?

http://www.barclays.co.uk/Helpsupport/UpgradetoPINsentry/P1242559314766

http://www.barclays.co.uk/BarclaysMobileBanking/MobilePINsentry/P1242616134119

Steve

0
0
Thumb Down

Trustwave...again...

*Now* I remember why the name Trustwave rings a bell....

http://www.theregister.co.uk/2012/02/14/trustwave_analysis/ - Trustwave to escape 'death penalty' for SSL skeleton key

http://www.eweek.com/c/a/Security/Mozilla-Asked-to-Revoke-Trustwave-CA-for-Allowing-SSL-Eavesdropping-545114/

0
0
This topic is closed for new posts.