Law firm Tycko & Zavareei filed a lawsuit
According to the plaintiff, GitHub is required to comply with current US law prohibiting the public posting of social security numbers of users. In particular, since social security numbers are fixed format, the company should have provided filters to detect whether users posted leaks and blocked them without waiting for official notifications.
Representatives of GitHub stated that the information of the plaintiff is not true and that personal data obtained as a result of the leak was not placed on GitHub. One of the repositories only contained instructions for retrieving data, which actually remained in the database hosted in the Amazon S3 cloud service. Due to an improperly configured firewall that restricts access to web applications, it was possible to access storage in Amazon S3. Upon the first notice from Capital One, the posted instructions were removed from GitHub.
Also in the course of the proceedings
Source: opennet.ru