The latest ones who will have to deal with its ramifications is security firm Trustwave who, along with Target itself, has been named in a class-action suit filed by a group of banks at the US District Court for the Northern District of Illinois.
The plaintiffs, lead by Trustmark National Bank and Green Bank, claim that "Target falsely assured the banks and their customers that its computer network and Point of Sale systems complied with industry standards for protecting customers' confidential payment information," while repeatedly ignoring and deciding against improvements that could secure its POS systems, failing to take the opportunity to promote the use chip cards in its stores, and failing to implement and maintain security safeguards advised by Visa.
"The data breach occurred because Target did not meet industry standards," the banks claim. "Target does not prioritize data safety, and outsourced its data security obligations to Trustwave, which failed to bring Target's systems up to industry standards."
Trustwave is accused of failing to spot security vulnerabilities in Target's computer systems, and of failing to spot signs of the criminals' intrusion.
"Trustwave failed to live up to its promises, or to meet industry standards. Trustwave's failings, in turn, allowed hackers to cause the Data Breach and to steal Target customers' PII and sensitive payment card information. In addition, Trustwave failed to timely discover and report the Data Breach to Target or the public," they plaintiffs concluded.
The banks claim that the damage done to them is "monumental" - according to the Consumer Bankers Association, the breach has cost its US member banks over $172 million just to re-issue the stolen payment cards, and that number does not include fraudulent purchases and unauthorized cash withdrawals the banks have also had to absorb.
The banks are seeking that Target and Trustwave cover all damages they have incurred because of the breach.