(Reuters) - Trustwave Holdings Inc, a credit-card security firm that has been sued along with Target Corp over a sweeping data breach, said on Saturday it did not process cardholder data for the retailer or handle Target's data security as a lawsuit alleges.
In a letter to customers and business partners, Trustwave Chief Executive Robert McCullen said the company's connection to Target was not what had been portrayed in a suit filed last Monday by two banks seeking at least $5 million in damages.
"Contrary to the misstated allegations in the plaintiffs' complaints, Target did not outsource its data security or IT obligations to Trustwave. Trustwave did not monitor Target's network, nor did Trustwave process cardholder data for Target," said the letter from McCullen posted on the company's website.
"These claims against Trustwave are without merit," the letter added.
The lawsuit filed in Chicago federal court by Trustmark National Bank and Green Bank NA accuses Target and Trustwave of failing to properly secure customer data, enabling the theft of about 40 million payment card records plus 70 million other records, including addresses and phone numbers.
The banks said they lost money from alerting customers to the breach, reimbursing fraudulent charges and reissuing cards. Those losses could increase, they said, if criminals ultimately use several million stolen cards as some analysts project.
While the complaint seeks unspecified damages of at least $5 million, New York-based Trustmark and Houston-based Green Bank said losses could top $1 billion for card issuers they hope to represent in a class action, and $18 billion for banks and retailers combined.
Target, the no. 3 U.S. retailer, already faces dozen of lawsuits over the breach, but the lawsuit filed on Monday appears to be the first to focus on Trustwave, a privately held Chicago-based provider of credit-card security services.
The data breach occurred from November 27, the big post-Thanksgiving shopping day known as Black Friday, to about December 15.
The case is Trustmark National Bank et al v. Target Corp et al, U.S. District Court, Northern District of Illinois, No. 14-02069.
(Reporting by Jonathan Stempel in New York, and Jim Finkle in Boston; Writing by Carey Gillam in Kansas City; Editing by Peter Cooney)
- Company Legal & Law Matters
- Target Corp
- data breach