After suffering an initial security breach, Las Vegas based casino operator Affinity Gaming hired cyber security firm Trustwave to perform a follow-up investigation in an attempt to both contain previous attacks and prevent future ones. Soon after, however, Affinity Gaming realized an ongoing security breach left the company and its customers vulnerable by revealing the credit card information of almost 300,000 of its patrons and subsequently hired second cyber security firm Mandiant for damage-control. Mandiant’s follow-up investigation has determined that Trustwave did not sufficiently perform their protective duties, with responsibility of the ongoing security leaks falling squarely on the former.
As a result, Affinity Gaming has filed a lawsuit against Trustwave, claiming that the initial investigation was inadequate and poorly executed. The casino operator will seek $100,000 in damages and has further claimed that Trustwave should be held liable for all losses or injuries that arise from the breach and have even spent one-fourth of their $5 million cyber insurance policy to help plug the damage caused. The lawsuit is one of the first of its kind, and may pave the way for more accessible action concerning failed cyber security in the future.