date 2004-08-19
from the you-get-a-lawsuit-and-you-get-a-lawsuit...everyone-gets-a-lawsuit dept.
The law firm Tycko & Zavareei LLP filed the lawsuit on Thursday, arguing that GitHub and Capital One demonstrated negligence in their response to the breach.
The firm filed the class-action complaint on behalf of those impacted by the breach, alleging that both companies failed to protect customer data.
Personal information for tens of millions of customers was exposed after a firewall misconfiguration in an Amazon cloud storage service used by Capital One was exploited.
[...] “As a result of GitHub’s failure to monitor, remove, or otherwise recognize and act upon obviously-hacked data that was displayed, disclosed, and used on or by GitHub and its website, the Personal Information sat on GitHub.com for nearly three months,” the law firm alleged in its complaint against GitHub and Capital One.
The firm also alleged that computer logs “demonstrate that Capital One knew or should have known” about the data breach when it occurred in March, and criticized Capital One for not taking action to respond to the breach until last month.
Previously:
Capital One Target of Massive Data Breach
The Technical Side of the Capital One AWS Security Breach
Related Stories
Capital One target of massive data breach:
A hacker gained access to personal information from more than 100 million Capital One credit applications, the bank said Monday as federal authorities arrested a suspect in the case.
Paige A. Thompson — who also goes by the handle "erratic" — was charged with a single count of computer fraud and abuse in U.S. District Court in Seattle. Thompson made an initial appearance in court and was ordered to remain in custody pending a detention hearing Thursday.
The hacker got information including credit scores and balances plus the Social Security numbers of about 140,000 customers, the bank said. It will offer free credit monitoring services to those affected.
The FBI raided Thompson's residence Monday and seized digital devices. An initial search turned up files that referenced Capital One and "other entities that may have been targets of attempted or actual network intrusions."
[...] Capital One, based in McLean, Virginia, said Monday it found out about the vulnerability in its system July 19 and immediately sought help from law enforcement to catch the perpetrator.
According to the FBI complaint, someone emailed the bank two days before that notifying it that leaked data had appeared on the code-hosting site GitHub, which is owned by Microsoft.
And a month before that, the FBI said, a Twitter user who went by "erratic" sent Capital One direct messages warning about distributing the bank's data, including names, birthdates and Social Security numbers.
"Ive basically strapped myself with a bomb vest, (expletive) dropping capitol ones dox and admitting it," one [direct message] said. "I wanna distribute those buckets i think first."
Capital One said it believes it is unlikely that the information was used for fraud, but it will continue to investigate. The data breach affected about 100 million people in the U.S. and 6 million in Canada.
The bank said the bulk of the hacked data consisted of information supplied by consumers and small businesses who applied for credit cards between 2005 and early 2019. In addition to data such as phone numbers, email addresses, dates of birth and self-reported income, the hacker was also able to access credit scores, credit limits and balances, as well as fragments of transaction information from a total of 23 days in 2016, 2017 and 2018.
"While I am grateful that the perpetrator has been caught, I am deeply sorry for what has happened," said Capital One CEO Richard D. Fairbank. "I sincerely apologize for the understandable worry this incident must be causing those affected and I am committed to making it right."
By way of comparison, the United States population on July 30, 2019 was: 329,342,191.
Also at SiliconANGLE, Ars Technica, TechCrunch, The Verge
Submitted via IRC for AnonymousLuser
The Technical Side of the Capital One AWS Security Breach
On July 19th, 2019 Capital One got the red flag that every modern company hopes to avoid - their data had been breached. Over 106 million people affected. 140,000 Social Security numbers. 80,000 bank account numbers. 1,000,000 Social Insurance Numbers. Pretty messy right?
Unfortunately, the 19th wasn't when the breach occurred. It turns out that Paige Thompson, aka Erratic, had done the deed between March 22nd and March 23rd 2019. So almost 4 months earlier. In fact, it took an external tip for Capital One to realize something had happened.
Though the former Amazon employee has been arrested and is facing $250k in fines and 5 years in prison...it's left a lot of residual negativity. Why? Because many of the companies who've suffered data breaches try to brush off the responsibility of hardening their infrastructures and applications to the increased cyber crime.
ANYHOW. You can read more about the case by just asking Google. We won't go into that anymore. We're here to talk about the TECHNICAL side of things.
(Score: 0) by Anonymous Coward on Sunday August 04, @05:57PM (1 child)
And this law firm has standing how?
(Score: 0) by Anonymous Coward on Sunday August 04, @06:19PM
All they need to do is find one name on the list that was downloaded.
(Score: 0) by Anonymous Coward on Sunday August 04, @06:16PM (2 children)
All this erratic incident looks very suspicious since the beginning. Paige Adele Thompson, a transgender, looks more like a heavy drug abuser, a white horse puppet. And what is Zion Preparatory Academy?
(Score: 0) by Anonymous Coward on Sunday August 04, @06:25PM (1 child)
Why oh why must the crazies come here. We have enough ignorance, don't need the batshit eating wackos too.
(Score: 0) by Anonymous Coward on Sunday August 04, @06:51PM
Ignorance is Strength.
(Score: 0) by Anonymous Coward on Sunday August 04, @06:21PM (2 children)
This so called 'breach' would not be that bad if banks and others wouldn't give such easy credit. Having my SS#, birthdate, address and even income would be significantly less valuable, if banks didn't give other people money just because they know that info.
There needs to be an easy way to hold banks accountable for giving credit to the wrong person; then all these breaches would be non-news.
The first thing I would do is force banks to NOT use SS# as an identifier.
(Score: 0) by Anonymous Coward on Sunday August 04, @06:41PM
i agree. these pieces of shit leak the data and then other scumbag banksters use it illegally to make more money. they are criminals more than the "evil hackers" who just picked up what these negligent fucks left laying around most of the time. if legislators weren't such criminals they would hold their buddies in the banks accountable. instead, they protect them against us.
also, if idiots let congress pass laws that say web services have to micromanage what other people post then the web is fucked.
(Score: 0) by Anonymous Coward on Sunday August 04, @06:53PM
what they are doing is worse, they are using SS# as a password - sue banks for libel next time they say you took money that you know you didn't - don't allow them to shift blame and expense with their made up 'identity theft' claim
(Score: 0) by Anonymous Coward on Sunday August 04, @06:43PM
They won't be happy until every web site has an army of censors sitting around checking for everything some geezer parasite thinks is bad practice or forbidden speech.