Remember when you are watching those TV shows, you know the ones, where government agencies are trying to track down bad guys who have breached a “secure” network? Happens in real life too, with companies like Affinity Gaming finding out the hard way.
Affinity gaming is a Las Vegas-based casino operator who discovered back in 2013 that their network had been breached and people were able to get to the credit card data. Sounds familiar right? Affinity Gaming hired the security firm Trustwave to investigate and isolate the breach, effectively fixing the problem. At the end of the investigation, they claimed that the data breach was “contained”, then adding comments on how to “fend off future data attacks”.
Affinity Gaming then found that they were suffering another data breach, for which they hired the data security firm Mandiant to investigate. It was during Mandiant’s investigation that they worked out the work previously done was only on a “subset of Affinity Gaming’s data security”. This coupled with the fact that they “had failed to identify the means by which the attacker had breached” their systems meant that overall Affinity Gaming believes Trustwave was responsible for “misrepresentations and grossly negligent performance” which in turn they believe cost them “significant out of pocket losses”.
Listing 76 steps outlying their interactions between the three companies and now the complaint, you can see why if one company promised to protect your data and then was found to have failed this task, you would want your money back.