A class action lawsuit is currently being filed in California against Capital One Bank, after piracy of the personal data of more than 106 million people. The complainants also cite the GitHub platform which, according to them, allowed the dissemination of this information for several months without intervening.
New bounce in the data piracy case of Capital One by Paige Thompson, aka “Erratic”. Arrested by the FBI on July 29, she had stolen personal data from more than 100 million Americans.
GitHub targeted by Capital One complaint
This week, a class action suit was filed in California against Capital One Bank and the GitHub platform. The US bank is accused of failing to secure or prevent the security breach that allowed Paige A. Thompson to steal personal data from more than 106 million of her clients.
Concerning GitHub, the complainants accuse it of having let run, from April 21 2019 until mid-July, the publication of the details of this large-scale piracy, in violation of the federal law “Wiretap Act”. According to the complainants, ” the decisions of the GitHub management (…) have allowed the pirated data to be published, displayed, used and / or otherwise available “.
Indeed, the California law prohibits the platform – as to others – the display of personal data, including social security numbers. It thus requires the immediate deletion of such information when it is disclosed publicly on a site. Since the social security numbers have a fixed format, the complainants believe that GitHub should have identified and deleted them automatically.
Already contradictory information
However, Capital One and GitHub ensure, in a single voice, that the data uploaded to the platform contained no personal information. This would only be the precise methodology used by Paige A. Thompson to steal victim’s data.
Capital One may be worried because of the gaping security flaws in its system, already pinned in November 2014, July 2017 and September 2017, GitHub seems out of danger. Indeed, it will be difficult for complainants to prove that the platform has promoted hacking.
In addition, the GitHub policy states that it is the users who are responsible for compliance with the rules and conditions of use, not the platform itself. There is ultimately little chance that she will be found guilty in this trial.