GitHub Named Defendant in Capital One Userbase Leak Case

Law firm Tycko & Zavareei has filed a lawsuit over the leak of personal data of more than 100 million clients of the banking holding company Capital One, including about 140 social security numbers and 80 bank account numbers. In addition to Capital One, the defendants include GitHub, which is accused of providing the ability to host, display and use information obtained as a result of the hack.

According to the plaintiff, GitHub is required to comply with current US law prohibiting the public posting of users' social security numbers. In particular, since social security numbers have a fixed format, the company should have provided filters to detect leaks posted by users and block them without waiting for official notification.
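The "fixed format" argument can be made concrete with a content filter of the kind data-loss-prevention tools use. The following is an added example, not code from the article, GitHub or the court filing; the function names and the sample text are constructed for illustration. It matches the AAA-GG-SSSS layout, discards ranges the Social Security Administration never issues, and shows that a format match alone also flags unrelated identifiers.

```python
import re

# AAA-GG-SSSS with "-" or " " as separator (the same one in both positions),
# not embedded in a longer run of digits or dashes.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})([- ])(\d{2})\2(\d{4})(?![\d-])")


def is_plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Apply SSA issuance rules: these ranges are never assigned."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def scan(text: str):
    """Return (line_number, masked_value) for each plausible SSN-format hit."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in SSN_RE.finditer(line):
            area, _, group, serial = m.groups()
            if is_plausible_ssn(area, group, serial):
                # Mask the value so the report does not re-leak it.
                hits.append((lineno, f"***-**-{serial}"))
    return hits


# Constructed sample input, not data from the incident.
SAMPLE = """\
name,ssn
Jane Roe,123-45-6789
John Doe,000-12-3456
part number 321-54-9876 rev B
ticket 2019-07-29-0001
call 555-867-5309
"""

if __name__ == "__main__":
    for lineno, masked in scan(SAMPLE):
        print(f"line {lineno}: {masked}")
```

Line 4 of the sample is a part number, yet it is reported: a format filter needs surrounding context (column names, nearby keywords) or human review before anything is blocked.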

Representatives of GitHub stated that the plaintiff's information is not true and that personal data obtained as a result of the leak was not placed on GitHub. One of the repositories contained only instructions for retrieving the data, which itself remained in the database hosted on the Amazon S3 cloud service. Access to the storage in Amazon S3 was possible because of an improperly configured firewall that restricts access to web applications. Upon the first notice from Capital One, the posted instructions were removed from GitHub.

In the course of the proceedings, Paige Thompson was also arrested. She is a former Amazon employee who discovered the problem in March and posted information on gaining access on GitHub in April. Details describing the problem remained on GitHub from April 21 to mid-July. Capital One is accused of improper monitoring of unauthorized access, as a result of which the leak went unnoticed for about three months.

Source: opennet.ru
