GitHub and Capital One Sued Over Failure to Protect Sensitive Customer Data

  • A lawsuit against GitHub and Capital One requests a trial by jury as well as damage compensation.
  • The plaintiffs accuse GitHub of negligence and failure to stop PII propagation through their platform.
  • GitHub denies that the shared data was sensitive, and claims they have promptly removed it anyway.

Last week, we reported about Capital One suffering a data breach that resulted in the leaking of highly sensitive data of 106 million US and Canada citizens. According to what FBI stated, the hacker behind the breach had already been arrested and is identified as Paige Thompson, a former Amazon employee from Seattle. After stealing the data, the hacker moved to, where she boasted about her access to the bank’s network and openly shared the data by posting them in a GitHub repository named “Awesome Hacking”.

This has resulted in a lawsuit being submitted by Tycko & Zavareei LLP to the California District Court on behalf of Seth Zielicke and Aimee Aballo. The complaint is against Capital One and GitHub, and both are facing the music because they have failed to safeguard the sensitive information of the plaintiffs. GitHub is accused of negligence, encouraging of hacking, and failure to implement processes that would detect and remove publications of leaked confidential information in a timely manner. As the lawsuit writes, GitHub knew or should have known that the PII (personal identifying information) of the plaintiffs was sensitive information and could result in serious harms for the affected people if disclosed. As the complaint correctly points out, this comes in direct opposition to GitHub’s own Terms of Service, let alone federal (Wiretap Act) and state regulations (two Californian Civil Codes).

While the content has been removed by GitHub upon the reception of the associated notice from Capital One, the plaintiffs consider the time taken for the removal as overly excessive, and more than enough for their PII to be propagated to many more malicious actors that could have visited the “Awesome Hacking!” repository in the meantime. Still, GitHub maintains that no sensitive data such as bank account details, social security numbers, or any other critical information was shared through the particular repository.

The plaintiffs demand a trial by jury, the awarding of statutory damages, as well as exemplary damages. Reasonable attorney fees and all relevant expenses are also included in the prayer for relief. What the California court will decide now remains to be seen, but with the number of people who have found themselves in a dire position due to this recent breach, the total sum of the awarded damages could reach an overwhelming amount, and one that would put GitHub into serious trouble.

Do you think that targeting GitHub is fair in this case, or was there nothing that the developer portal could do in order to prevent the information from leaking further out? Let us know of your comments in the section down below, or on our socials, on Facebook and Twitter.


Recent Articles

Xiaomi Looking to Deploy Massive Upgrades on the MIUI 12 Camera App

Xiaomi wants to make the MIUI 12 Camera app as exciting as it can be, and is experimenting with a set of new...

Cerberus Was Found Lurking on the Google Play Store

The Cerberus app wore the sheepskin of a Spanish currency converter app and entered the Play Store. The app followed the tactic...

The “Music Mission” Anti-Piracy Campaign Makes Stunning Revelations

The “Music Mission” has released its first findings around pirating platforms, and the size of some is startling. What is more alarming...

The Vast Majority of Home Routers Are Vulnerable in One Way or Another

Many router models that are sold in Europe are vulnerable to exploitation using known flaws. Most vendors are using unsafe securing methods,...

H.266/VVC Codec Officially Announced – Bringing Higher Quality Video While Drastically Reducing Data Consumption

Currently, the H.265 HEVC is the most popular video codec in consumer devices, processing over 90% of video bits on the global level. ...