Analecta Cyber Company Blog: Casino sues cyber security company over failure to stop hacks

2016-02-03

Casino sues cyber security company over failure to stop hacks

Affinity Gaming is one of the many Las Vegas-based casino operators. The company’s businesses included five casinos in Nevada and six others around the United States. When the company suffered from a network breach, it hired a security firm to manage and clean up its network system. But now Affinity Gaming is suing the security firm that was supposed to protect it in those kind of events.




The security firm, known as Trustwave, has been sued for allegedly performing insufficiently with regards to its own investigations on the matter.

Affinity Gaming claimed that Trustwave failed to stop the breach that directly resulted in the theft of customer credit card data. This allowed the hackers to continue taking advantage of the breach even during the investigation period, Affinity said in its lawsuit.

The casino operator outsourced the services of Trustwave during the latter part of 2013. The company tried to analyze and clean up the computer network breach it suffered which allowed attackers to obtain their customers' credit card information.

Credit card info hit

An estimated 300,000 credit card accounts from Affinity Gaming's customers were believed to have been compromised during the initial breach. And a few months later, after hiring Trustwave, they submitted a report stating that they had identified the source of the breach and had contained the malware responsible for the intrusion.

On the other hand, after a year had passed, the casino operator was hit again by a second credit card breach. This time, Affinity officials became aware of information showing that the malware had never been fully removed. This information came from a rival cybersecurity firm known as the Mandiant.

Affinity Gaming is seeking a minimum of $100,000 in damages from Trustwave. Details of the lawsuit filed by the company states that it had hired the services of the security firm to diagnose, investigate, and prescribe appropriate measures to address the problem caused by the initial breach. And so, when Affinity Gaming was hit again by another data breach, the company sought help from the rival security firm, Mandiant, which had concluded that Trustwave's claim of full removal of the malware were untrue.

And as expected, Trustwave denied the allegations of their rival firm and confidently stated that they will defend themselves strongly in court.