Affinity Gaming goes after cybersecurity firm in landmark case over data breach

Casino company Affinity Gaming is accusing a cybersecurity firm of failing to “adequately investigate and remedy a data breach.”

In a landmark case that could sound the alarm bells for other cybersecurity firms, Affinity Gaming has filed a lawsuit against Trustwave, claiming the company carried out a “woefully inadequate” investigation of a hack that led to a misleading report, which, in turn, opened a new avenue of liability around data breaches.

In its lawsuit, filed in the U.S. District Court in Nevada late last year, Affinity said it hired Chicago-based Trustwave in 2013 to check out a suspected cyber-attack on its payment cards system. Two months later, Trustwave told the Las Vegas company the breach was already “contained,” but Affinity claimed it later found out the company’s systems were still breached even after Trustwave’s investigation.

A separate investigation by data security firm Mandiant revealed the breach wasn’t contained, and that Affinity’s data was compromised despite Trustwave’s remediation efforts, according to court documents.