Wednesday, February 1, 2023

Capital One and GitHub have been sued for major data breaches


Capital One and Microsoft-owned GitHub are facing legal action for not doing enough to protect the personal information of more than 100 million bank customers affected by a massive data breach.

The case was filed Thursday in federal district court on behalf of plaintiffs Aimee Aballo and Seth Zielicke, though if granted class status it could include the 106 million Capital One clients who, the bank disclosed this week, are affected by the breach in question.

The lawsuit alleges that both companies should be held responsible for failing to exercise reasonable care in "protecting and protecting the claimants' and class's personal information," although Capital One has not yet notified customers whose information has been compromised.

"This is the result of the negligence of two companies that are complex and should do better," lead plaintiff lawyer Sabita Soneji told Business Insider. "They have shaken their obligation to protect this data."


Although the massive data breach came to light this week, the customer information was accessed in March, according to the initial criminal complaint in the case. The same complaint showed that Capital One only learned of the data breach through an email tip earlier this month from an "outside security researcher" who found client data published on GitHub, the Microsoft-owned code-sharing platform.

The documents also say that the alleged hacker in this case, a former Amazon Web Services employee named Paige Thompson, boasted of stealing Capital One data on her GitHub page.

The lawsuit alleges that GitHub should have been able to identify and remove "apparently hacked data" posted on its website. Instead, the data sat on a "publicly accessible website" for nearly three months before a user reported it to Capital One, the case alleges.

In addition, the lawsuit faults GitHub for having no content moderators, like those at Facebook, YouTube and Twitter, whose job it is to monitor the platform for policy-breaking posts and behavior and take them down. If GitHub had such moderators, spotting something as simple as nine-digit Social Security numbers would be much easier, the case claims.

"There is still an obligation to monitor your site. This is a place that encourages developers to leave data and code," lead lawyer Soneji told Business Insider. "If they host a platform, they should do better."

The court case also states that Capital One reported data breaches in November 2014, August 2017 and February 2018.

"The plaintiffs and class members were foreseeable victims of inadequate Capital One data security practices and actually suffered damage caused by a breach of Capital One's obligations," the court filing said.

The lawsuit says the plaintiffs are seeking "compensatory, consequential, general and nominal damages" of at least $5 million, according to court documents.

Neither Capital One nor Microsoft, which owns GitHub, responded to Business Insider's request for comment.
