Nevada casino operator Affinity Gaming is suing cybersecurity firm Trustwave, alleging that Trustwave failed to contain or detect the extent of a 2013 cyberattack. The breach led to customer credit card numbers being stolen.
The lawsuit is among the first to be filed against a cybersecurity firm for failure to properly secure a system, according to the Financial Times.
“Shortly after Trustwave’s engagement ended, and after Trustwave had promised that the data breach had been ‘contained’ and the suspected backdoor(s) ‘inert,’ Affinity Gaming learned that its data systems still were compromised,” Affinity said in a complaint filed last month in Nevada federal court.
In reality, Affinity alleges, a backdoor into its systems “was very real and accessible.” The casino company says Trustwave also failed to detect malware used to steal passwords on at least one of its systems, and an “open communication link” created by the unidentified hackers.
Trustwave denied the allegations in an email to Fast Company on Tuesday. “We dispute and disagree with the allegations in the lawsuit, and we will defend ourselves vigorously in court,” wrote a company spokesman.
Affinity, which operates casinos including the Silver Sevens Hotel and Casino in Las Vegas and the Mark Twain Casino in Missouri, says in the complaint that it was forced to hire another security firm to investigate further and end the breach, incurring additional expenses. Affinity was required to cover fraudulent credit card charges and other bank costs when the hackers returned to steal customer credit card information, the company says.
“Affinity Gaming would have avoided these costs had Trustwave not misrepresented its work and performed its investigation properly,” according to the complaint.