Last week I wrote about how two banks – Trustmark National Bank of New York and Green Bank of Houston – had come together to file a class action lawsuit against Target, Inc. in the wake of a data breach at the US retailer which saw 40 million credit cards details, and 70 million other personal details, stolen.
Now, however, one of the two banks suing both Target and security vendor Trustwave has pulled out.
Trustmark National Bank filed a notice of dismissal of its claims on Friday. No detail is given as to why the bank has now ceased its action with the notice saying little more than:
“Pursuant to Federal Rule of Civil Procedure 41(a)(1)(A)(i), Trustmark hereby voluntarily dismiss its claims without prejudice to re-filing.”
However, based on a letter from Trustwave to its customers, the real reason why Trustmark ceased its legal action may be due to the former being misnamed in the suit.
After initially declining to identify its customers, or comment on outstanding litigation, Robert J. McCullen, Chairman, CEO and President of Trustwave Holdings, Inc., wrote:
“Dear Customers and Business Partners,
As some of you may know, Trustwave was recently named as a defendant in lawsuits relating to the data security breach that affected Target stores in late 2013.
In response to these legal filings, Trustwave would like to reassure our customers and business partners that these claims against Trustwave are without merit, and that we look forward to vigorously defending ourselves in court against these baseless allegations.
Contrary to the misstated allegations in the plaintiffs’ complaints, Target did not outsource its data security or IT obligations to Trustwave. Trustwave did not monitor Target’s network, nor did Trustwave process cardholder data for Target.”
Even if Green Bank of Houston should dismiss its claims, and there is no indication at this time that it will, the implications of the case still remain highly pertinent.
The banks’ original claim alleged that Trustwave had failed to ensure that Target’s systems were in line with industry standards, having informed the retailer that there were no vulnerabilities on its network shortly before the breach occurred.
Should such a claim be brought before a court in the future, and the judge and/or jury find in favour of the plaintiffs, then the consequences will be far-reaching, with breach victims and their security partners both being at risk of litigation and the subsequent costs associated with the losses incurred by affected financial institutions.
And of course lets not forget the other impacts of a data breach which are numerous, including loss of revenue through a variety of avenues as well as the potential damage to the trust in, and reputation of, the affected company/companies.
Perhaps the breach at Target, as well as other high profile breaches over the last year, will be sufficient to encourage businesses of all sizes to assess their security standing in order to ensure the risks are well managed and as small as possible?
We can but hope…