Over the last few months, the Target security breach has been a major topic of conversation regarding technology security. A piece of malware was able to infiltrate the retailer's network through a backdoor connection and affected roughly 110 million customers.
According to an article from Wired, since the breach was announced in December of 2013, there has been talk of litigation from consumers and banks. While some lawsuits have been filed, they have either been settled or dismissed. However, there is one lawsuit that could become a major problem for Target.
Chicago-based Trustmark National Bank and Green Bank NA, on behalf of all financial institutions affected by the breach, are suing Target and Trustwave -- the security company that certified the security of Target's network in September 2013.
The proposed class-action suit accuses Trustwave of conducting a "shabby security assessment" that failed to uncover massive problems. Most notable is the lack of adherence to PCI DSS, a set of standards from the Payment Card Industry Council that binds businesses accepting bank card payments.
"The hackers could not have accessed Target's internal computer network and point-of-sale ('POS') system and stolen its customers' sensitive payment card information and PII but for Target's inadequate security protections — including its failure to comply with PCI DSS," the banks assert in the lawsuit.
There is more to keeping customer payment and personal information secure than remaining PCI compliant. Security is a never-ending process, while PCI standards are a snapshot of current requirements. Companies need to remain compliant, but they also need to keep security a priority all year long.