Trustwave denies responsibility in Target data breach

Credit card security firm and Target US partner Trustwave denied processing cardholder data for the retailer or handling Target's data security, as alleged in a lawsuit targeting the pair.

In a letter to customers and business partners, Trustwave CEO Robert McCullen said the company's connection to Target was not what had been portrayed in a suit filed last week by two banks seeking at least US$5 million in damages.

"Contrary to the misstated allegations in the plaintiffs' complaints, Target did not outsource its data security or IT obligations to Trustwave. Trustwave did not monitor Target's network, nor did Trustwave process cardholder data for Target," the letter from McCullen read.

"These claims against Trustwave are without merit."

The lawsuit filed in Chicago federal court by Trustmark National Bank and Green Bank NA accuses Target and Trustwave of failing to properly secure customer data, enabling the theft of about 40 million payment card records plus 70 million other records, including addresses and phone numbers.

The banks said they lost money from alerting customers to the breach, reimbursing fraudulent charges and reissuing cards. Those losses could increase, they said, if criminals ultimately use several million stolen cards as some analysts project.

While the complaint seeks unspecified damages of at least US$5 million, Trustmark and Green Bank said losses could top US$1 billion for card issuers they hope to represent in a class action, and US$18 billion for banks and retailers combined.

Target already faces dozen of lawsuits over the breach, but the lawsuit filed last week appears to be the first to focus on Trustwave, a privately held provider of credit card security services.