Is A Security Auditor Liable If There’s A Security Breach?

Wired is discussing the suddenly relevant legal question of whether or not a security auditor should be held liable if it claims a company’s data is secure, and then there’s a data leak. The specific lawsuit in the spotlight right now involves Savvis — who had audited the security of CardSystems’ computer systems and determined that the company “had implemented sufficient security solutions and operated in a manner consistent with industry best practices.” As you may remember, CardSystems was later found to have had a massive breach of credit card data (for a while, until recently surpassed, it was considered the largest ever credit card data breach). So Savvis is now being sued for claiming that CardSystems’ systems were secure. This is certainly a tough one. (TechDirt)