BreachExchange mailing list archives
Genesco takes VISA to court over data breach
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Mon, 11 Mar 2013 09:12:06 -0400
http://blogs.tennessean.com/business/2013/03/08/genesco-takes-visa-to-court-over-data-breach/ Nashville-based retailer Genesco Inc. is suing VISA, accusing the credit-card company of wrongfully taking more than $13 million as punishment for a data breach. The federal lawsuit, filed Thursday in Nashville, accuses VISA of breach of contract and unfair business practices. The filing was no surprise: Genesco, which owns the Lids, Journeys and Johnston & Murphy chains, had previously hinted it would take legal action against three major credit-card companies. The dispute stems from a 2010 breach of Genesco’s computer system. Unidentified hackers inserted malicious software designed to capture card information as it was processed through the network, the suit said. It said the hackers were hoping to exploit a weak link in the transaction approval process: Card data transmitted from the register to banks is not encrypted. VISA later fined Fifth Third Bank and Wells Fargo $5,000 each and levied another $13.3 million in assessments, saying they were liable for the breach because they did not comply with industry-wide security standards. The banks paid, taking the money from Genesco’s accounts and assigning any recovery efforts to Genesco. Genesco contends VISA overreacted because there was no evidence that the hackers stole any cardholder information. The retailer said regular rebooting of its computer servers erased any data before hackers could retrieve it. Genesco also contends VISA violated its contracts with the banks by not following the required procedure before issuing the fines and assessments. The card company’s actions also are unfair business practices under California law, the suit contends. VISA is headquartered in San Francisco. Also named in the suit are VISA U.S.A., the company’s U.S. subsidiary, and VISA International Service Association, its global unit. They also are based in San Francisco, according to the suit. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges.
Current thread:
- Genesco takes VISA to court over data breach Erica Absetz (Mar 11)