in Newswire Published on August 5, 2019

Latest Capital One Data Breach Class Action Alleges GitHub ‘Encourages’ Hacking

by Corrado Rizzi

View Comments

Aballo et al. v. Capital One Financial Corporation et al.

Filed: August 1, 2019 § 4:19-cv-04475

Read Complaint

A class action filed over the Capital One data breach alleges web services platform GitHub shares some of the blame for failing to catch that consumers' hacked data was post on its website.

Defendant(s)

Capital One Bank USA, N.A. Capital One, N.A. Capital One Financial Corporation GitHub, Inc.

Law(s)

State(s)

California

Categories

Business/Finance Privacy Data Breach

Another proposed class action lawsuit filed in the wake of the Capital One data breach alleges GitHub, the website on which the hacked personal information of roughly 100 million of the bank’s customers lived for nearly three months before being discovered, “encourages” or is at least friendly to hacking. The 27-page complaint out of California claims GitHub shares some of the blame for the cyber incident in that it failed to “monitor, remove or otherwise recognize and act upon” the Capital One customer data on its website.

According to the lawsuit, a former Amazon Web Services employee gained access to Capital One’s databases and stole customer data sometime in March 2019. In April, the hacker, who now faces criminal charges, allegedly posted the stolen data on GitHub.com, a widely used, Microsoft-owned collaboration platform for web developers. According to the case, Capital One did not begin to look into the cyber incident until around July 17, when it received an email from a GitHub user alerting it to the leaked customer data.

For its part, GitHub, the lawsuit says, “never alerted any victims” that their data was exposed and posted on its website. The platform also took no steps to remove the stolen data, the case adds.

“Instead, the hacked data was available on GitHub.com for three months,” the complaint states.

Further, the lawsuit charges, GitHub did not even suspend the account of the hacker believed to be responsible for the data breach “even though it knew or should have known that the hacker had breached” the platform’s Terms of Service.

Among the information allegedly accessed during the breach were names, addresses, zip codes, birth dates, self-reported incomes, and other details provided to Capital One through credit card applications. Other customer data accessed includes credit scores, balances, payment histories, roughly 140,000 Social Security numbers and approximately 80,000 bank account numbers, the complaint says.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on August 5, 2019 — 3:11 PM

Corrado Rizzi

corrado@classaction.org

Corrado Rizzi is the Senior Managing Editor of ClassAction.org.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.