ST. LOUIS – Maritz Holdings Inc. of Fenton recently filed a lawsuit against its former information technology contractor that claims a "massive" cyberattack in 2016 and an additional attack in 2017 resulted in more than $14 million in losses related to electronic gift cards.
According to the lawsuit filed May 31 in U.S. District Court for the Eastern District of Missouri, Eastern Division, Maritz, which among other things manages and operates rewards programs for clients, entered into a contract in 2010 with Cognizant Technology Solutions of College Station, Texas, to provide offshore IT management services with a service vendor in India "with a proven track record of experience, reputation and quality."
The filing said the contract provided that Cognizant would be responsible for any security breaches or potential security breaches and would notify Maritz and investigate any breaches.
The filing said that as part of Maritz's rewards programs that it provides clients, Maritz issues gift cards to participants that are purchased from vendors such as Target, Amazon, Apple and others. Redemption codes for participants are typically provided on a card, known as "eGiftCards," which are similar to a credit card or in an electronic format.
Information regarding the cards were maintained on a Maritz shared network on its computer systems, the suit states.
In March 2016, Maritz ran a campaign directed to 40,000 of its cardholders which involved eGiftCards, after which it was reported that a large number of participants had cards with no value, the filing said.
A company that Maritz hired to investigate the matter found that phishing emails had been sent to Maritz email addresses with a malicious file that provided a backdoor to the company's computer files, the suit claims. Between March 2 and 26, 2016, the perpetrators accessed the shared drive where eGiftCard information was stored.
The suit claims that vendors had confirmed the redemption of nearly $11.1 million in total in unissued cards. The suit further claims Maritz paid approximately $323,000 to purchase replacement cards, the company reissued more than $100,000 in cards based on complaints and it spent $1.2 million in out of pocket expenses related to investigating.
The suit claims another breach in February 2017 resulted in $1.2 million in losses.
The complaint, which alleges Computer Fraud and Abuse Act violations, computer tampering, breach of contract, negligence and unjust enrichment, seeks actual and punitive damages and any other relief the court may deem proper.
Maritz is represented by Jan Paul Miller, Brian Lamping and Elise Puma of Thompson Coburn in St. Louis.