GitHub Named in Capital One Breach Lawsuit

A new lawsuit says that GitHub bears responsibility for the Capital One breach because it actively encourages hacking and stored stolen data.



The fallout from the Capital One data breach continues, with a recent class-action lawsuit naming the financial giant — and GitHub, the online data repository that has become central to many companies' agile and devops coding efforts.

The lawsuit, filed in US District Court for the Northern District of California, claims that GitHub (now owned by Microsoft) "actively encourages" hackers,  and that this active encouragement means that it has a higher responsibility than most repositories to scan uploaded files for dangerous or illicit data.

According to the lawsuit, files containing information on the methods used in the breach were uploaded to the site in April, but not removed until July, when GitHub was alerted by Capital One.

In a statement to Dark Reading, GitHub said, "GitHub promptly investigates content, once it's reported to us, and removes anything that violates our Terms of Service. The file posted on GitHub in this incident did not contain any Social Security numbers, bank account information, or any other reportedly stolen personal information. We received a request from Capital One to remove content containing information about the methods used to steal the data, which we took down promptly after receiving their request."

The suit is depending on a standard of "morally culpable," as opposed to "legally culpable," which is a commonly used legal standard. 

For more, read here and here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2020 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service