Casino Sues Security Firm For Failing To Contain Malware Infection

An anonymous reader writes: US casino chain Affinity Games is suing Trustwave Holdings, a cyber-security vendor that was brought in to investigate a card breach but failed to detect and stop a malware incident on Affinity's servers, which led to the escalation of a previous card breach. The casino chain noticed the sloppy job a few months later when it hired a penetration testing company to comply with new gaming regulation. Mandiant was brought in to mop up Trustwave's job later on. Affinity is now suing for $100,000 (or more) in damages.

Re:It's a gamble

[gstoddart]

Hey, it's entirely possible to be expensive and incompetent.

Lousy companies never cease to over-value their services.

Re:It's a gamble

You've worked with Oracle before I see.

Reminder..

[TechyImmigrant]

>PCI (Payment Card Industry)-compliant servers

PCI-DSS, the security standards for payment processing have nothing to do with security. There is a veneer of 'we are doing this for security', but none of it makes sense. This is why we keep seeing PCI-DSS compliant systems getting hacked and revealing card and personal details by the million.