Following Target and Sony attacks Obama calls for 30-day mandatory reporting
Target experience massive customer data breach. Reuters

Credit-card security firm Trustwave Holdings said it is not responsible for the massive data breach at Target, after it was named in a lawsuit along with the third-largest US retailer.

Trustwave said its relationship with Target was misrepresented, and it did not process cardholder data for Target or handle data security as was claimed in the lawsuit.

"Contrary to the misstated allegations in the plaintiffs' complaints, Target did not outsource its data security or IT obligations to Trustwave. Trustwave did not monitor Target's network, nor did Trustwave process cardholder data for Target," Trustwave CEO Robert McCullen said in a letter to customers and business partners.

"These claims against Trustwave are without merit."

Earlier, two US banks, Trustmark National Bank and Green Bank N.A., filed a lawsuit in US district court in Chicago against Target and Trustwave, saying Trustwave is also liable for the theft of 40 million credit and debit card numbers from Target last year.

"Trustwave failed to timely discover and report the data breach to Target or the public," according to the lawsuit.

The complaint sought unspecified damages of at least $5m (£3m, €3.6m). It added that losses could top $1bn for all card issuers affected by the security breach. The banks said they lost money from alerting customers to the breach, reimbursing fraudulent charges and reissuing cards.

Following the clarification from McCullen, Trustmark National Bank filed a notice of dismissal of its claims. Trustmark could refile the suit and drop Trustwave as a plaintiff and a similar move is expected from Green Bank.

Related

Target discovered a major security breach in December 2013. Payment data from about 40 million credit and debit cards were stolen from Christmas shoppers at its stores over 19 days between 27 November and 15 December.

It has since been revealed that a further 70 million customer records with sensitive information such as names, telephone numbers and email addresses were also stolen.

The retailer is facing a number of lawsuits over the data breach.

Trustwave offers security auditing services to retailers to avoid fines from card issuers. The security compliance programme of card issuer American Express is run by the company.