Trustwave failed to spot casino hackers right under its nose

January 16, 2016

IT security biz Trustwave is being sued by a Las Vegas casino operator for allegedly bungling a hacking investigation. Trustwave denies any wrongdoing.

The outcome of the lawsuit could have staggering consequences for infosec outfits hired to analyze and cleanup computer network intrusions, in terms of potential liabilities and breaches of contract.

In October 2013, Trustwave, based in Chicago, was drafted in by Affinity Gaming to work out how the casino operator was hacked: details on 300,000 or so credit cards used by folks in Affinity’s restaurants and hotels were accessed by miscreants who compromised its systems.

According to Affinity, Trustwave poked around its computers, and after some analysis, gave the all-clear – the attack had been “contained,” apparently. Allegedly, though, hackers broke into Affinity’s systems again while Trustwave was investigating, and this second infiltration was not detected.

Read full story…