Home page logo

dataloss logo Data Loss mailing list archives

Genesco takes VISA to court over data breach
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Mon, 11 Mar 2013 09:12:06 -0400


Nashville-based retailer Genesco Inc. is suing VISA, accusing the
credit-card company of wrongfully taking more than $13 million as
punishment for a data breach.

The federal lawsuit, filed Thursday in Nashville, accuses VISA of
breach of contract and unfair business practices.

The filing was no surprise: Genesco, which owns the Lids, Journeys and
Johnston & Murphy chains, had previously hinted it would take legal
action against three major credit-card companies.

The dispute stems from a 2010 breach of Genesco’s computer system.
Unidentified hackers inserted malicious software designed to capture
card information as it was processed through the network, the suit

It said the hackers were hoping to exploit a weak link in the
transaction approval process: Card data transmitted from the register
to banks is not encrypted.

VISA later fined Fifth Third Bank and Wells Fargo $5,000 each and
levied another $13.3 million in assessments, saying they were liable
for the breach because they did not comply with industry-wide security
standards. The banks paid, taking the money from Genesco’s accounts
and assigning any recovery efforts to Genesco.

Genesco contends VISA overreacted because there was no evidence that
the hackers stole any cardholder information. The retailer said
regular rebooting of its computer servers erased any data before
hackers could retrieve it.

Genesco also contends VISA violated its contracts with the banks by
not following the required procedure before issuing the fines and
assessments. The card company’s actions also are unfair business
practices under California law, the suit contends.

VISA is headquartered in San Francisco. Also named in the suit are
VISA U.S.A., the company’s U.S. subsidiary, and VISA International
Service Association, its global unit. They also are based in San
Francisco, according to the suit.
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list


Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

  By Date           By Thread  

Current thread:
  • Genesco takes VISA to court over data breach Erica Absetz (Mar 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]