CLASS ACTION LAWSUIT HOPES TO HOLD GITHUB RESPONSIBLE FOR HOSTING DATA FROM CAPITAL ONE BREACH | WHAT REALLY HAPPENED


SOURCE: TIM CUSHING @ TECHDIRT
As soon as the Capital One breach was announced, you knew the lawsuits would follow. Handling the sensitive info of millions of people carelessly is guaranteed to net the handler a class-action lawsuit or two, but this one -- filed by law firm Tycko & Zavareei -- adds a new twist.

The 28-page lawsuit filed Thursday in the U.S. District Court for the Northern District of California asserted that GitHub "actively encourages (at least) friendly hacking."

It notes that the hacked Capital One information was posted online for months and alleges that the company violated state law to remove the information. "GitHub had an obligation, under California law, to keep off (or to remove from) its site Social Security numbers and other Personal Information," the suit says.

Weird legal theory, but one that could possibly be stretched to target some of the $7.5 billion Microsoft paid to acquire GitHub. But it takes a lot of novel legal arguments to hold a third party responsible for content posted by a user, even if the content contained a ton of sensitive personal info.

The lawsuit [PDF] alleges GitHub knew about the contents of this posting since the middle of April, but did not remove it until the middle of July after being notified of its contents by another GitHub user. The theory the law firm is pushing is that GitHub was obligated to scan uploads for "sensitive info" and proactively remove third-party content. The lawsuit argues GitHub is more obligated than most because (gasp!) it encourages hacking and hackers.

GitHub knew or should have known that obviously hacked data had been posted to GitHub.com. Indeed, GitHub actively encourages (at least) friendly hacking as evidenced by, inter alia, GitHub.com’s “Awesome Hacking” page.

Webmaster's Commentary: 

(Sigh) Why don't companies take better care of the data they mine?!? One would think that in the 21st century, breaches like this would not happen, but yet, it seems to happen on a pretty regular basis.
