IT services company Savvis is being sued by US bank Merrick following a data breach in 2006 at the bank's payment processor, which had previously been vetted by the supplier.
The Courthouse News Service reported that Merrick Bank is claiming it lost $16m after hackers stole unencrypted credit card data from its payment processor, CardSystems.
The bank is alleging that Savvis had assessed CardSystems and reported that its security processes met credit card regulations. However, less than a year after the assessment, Merrick said the CardSystems computers were broken into and millions of credit cards were stolen, resulting in the bank having to pay a $16m to Visa and Mastercard in fines.
Credit card companies are establishing stringent rules for protecting card data under a set of regulations known as the Payment Card Industry Data Security Standard.