Affinity Gaming Sues Trustwave Over Failure to Contain Cyber Breach

Affinity Gaming, a US casino operator, is suing cyber security company Trustwave for failing to contain a breach that Trustwave was hired to shut down. This lawsuit creates a new avenue of liability around data breaches.
According to an article on the Financial Times:

The lawsuit, filed in the US District Court in Nevada in late December, is one of the first of its kind where a client challenges a cyber security company over the quality of its investigation following a hack.
“This litigation demonstrates that as the law of data privacy and security continues its lightning-fast evolution, so does litigation in this area,” said Joseph DeMarco, a lawyer specialising in data privacy who is not involved in the litigation. He added that the standards that cyber security companies were expected to meet were still evolving.
“I expect to see more of these cases as more and more breaches are investigated, sometimes in ways that the victim is not satisfied with,” Mr DeMarco said.
Affinity hired Trustwave, a Chicago-based cyber security company, to investigate a hack that exposed the details of credit cards belonging to as many as 300,000 customers who used them at restaurants, hotels and gift shops on its casino properties. Affinity alleges it later learnt that a second hack took place while Trustwave was analysing its systems but they missed it and concluded the breach was contained.
Trustwave denied any wrongdoing. “We dispute and disagree with the allegations in the lawsuit and we will defend ourselves vigorously in court.”

Click here to read the full article on the Financial Times.