GitHub Named in Capital One Hack Lawsuit

August 27, 2019

The Capital One hack saw the details of potentially 106 million users stolen earlier this year. The class action lawsuit that followed names not just Capital One but GitHub too. GitHub is a hosting service, and the lawsuit alleges the platform should have done more to stop the data breach.

GitHub to blame as much as Capital One?

The class action lawsuit that has been filed puts just as much blame on GitHub for the Capital One hack as it does on Capital One itself. The lawsuit claims the hosting service provider is just as complicit in the exposure of people’s personal data. It claims GitHub should have spotted the data and removed it earlier.

In the Capital One hack, 140,000 social security numbers and 80,000 bank account numbers were put at risk. The class action lawsuit claims GitHub hosted these personal details for 3 months before they were removed.

GitHub disputes this account. According to the company, the details from the Capital One hack were never actually hosted on its platform. The post on GitHub related to the Capital One hack was a file explaining how the hack was done. The stolen information itself was not posted. It was through this explanatory post that the hack itself was discovered. GitHub said in response to the lawsuit:

“The file posted on GitHub in this incident did not contain any Social Security numbers, bank account information, or any other reportedly stolen personal information. We received a request from Capital One to remove content containing information about the methods used to steal the data, which we took down promptly after receiving their request.”

The lawsuit’s claims seem to be unfounded.

Security and Responsibilities

While the stolen data was not posted on the site on this occasion, there is no doubt GitHub has been host to stolen data in the past, but so has every other file hosting service or social media platform. If they start to regularly become embroiled in data breach lawsuits like the one over the Capital One hack, who knows what the consequences might be? Should platforms like GitHub be culpable when it is individual users who are breaking terms and conditions and acting illegally?

GitHub has shown in recent weeks it takes cyber security seriously. It is one of the latest organizations to support the WebAuthn security standard. The company clearly values security, and in the particular case of the current lawsuit against it, does not seem to be in the wrong.

This lawsuit might not come to anything, but it could set a precedent worth keeping an eye on. Hosting platforms should take note that they might be dragged in and get blamed for data breaches if they do nothing to prevent stolen personal data being posted on their sites.