OPM Data Breach Lawsuit Tossed, Fed Plaintiffs will ...

Network Computing Dark Reading

Advertise

About Us

Newest First | Oldest First | Threaded View

[close this box]

<< < Page 2 / 2

Dr.T,
User Rank: Ninja
9/25/2017 | 11:36:09 AM

Re: Information vs Money

“If a thief steals your money you don't have to prove they spent it only that they stole it. “ That makes sense, I wonder where the judge is coming from. Very strange decision.

Dr.T,
User Rank: Ninja
9/25/2017 | 11:34:55 AM

Re: Interesting

“Lawyers love this stuff” Yes, it does not make sense and confuses the public, that would help lawyers.

Dr.T,
User Rank: Ninja
9/25/2017 | 11:33:37 AM

Strange

“The workers won't be able to sue because they cannot show the stolen data has been used by attackers” This is new for me, so breach can happen but if data is not used that would not be consider an issue. Interesting.

REISEN1955,
User Rank: Ninja
9/22/2017 | 2:39:41 PM

Re: Based on outcome

There is also a time-value on WHEN an attacker decides to use that stolen Mastercard number of SS number is there not? An actor may wait weeks or months or have to dig through the 143 million stolen from Equifax before action is indeed taken. Theft is theft - and break-in is theft writ large. This is quite a legal tangle!!! Kinda like stealing a car out of a driveway without breaking the window but parking it around the block until, oh, one night when it is sold for parts!!! When IS the criminal act perfrmed?

RyanSepe,
User Rank: Ninja
9/22/2017 | 8:28:02 AM

Based on outcome

I understand that this judgement was made based on the lack of evidence that attackers maliciously used the data in question but is there a statute of limitation for instances like this?

gwilson001,
User Rank: Strategist
9/21/2017 | 2:06:00 PM

Re: Interesting

That is the underlying threat here - a precedent that Equifax will surely jump on to ward off the class action suits against them. This was a shortsighted decision by a Judge that clearly does not understand the problem or the the impact this stupid decision will have on millions of victims of the Equifax and other future data thefts.

This is a common probelm, the judiciary does not understand technology and they consequently make idiotic rulings based on that lack of understanding. This could let Equifax off the hook as far as civil actions are concerned. unfortunate because Equifax should not be allowed to continue as a business - they cannot be trusted with sensitive data we have not given them explicit permission to aggreagate and store.

REISEN1955,
User Rank: Ninja
9/21/2017 | 12:41:35 PM

Re: Information vs Money

Good point - information theft is invisible if compared to car or money theft. If a thief breaks into your home, that is a robbery. If a thief steals a garden hose outside, that is theft. There is a difference. Information is invisible of course but if you went to your ATM and instead of seeing $33,202 in savings and there is $-29.33 there, I would think legal recourse has to be taken somewhere. A thief broke INTO SOMETHING to get your data. The thief did NOT RETRIEVE YOUR ATM CARD from the street. Same difference.

The answer to your question is WHO was guarding the vault? Who has responsibility for the vault? If i leave my house wide open with a sign saying MONEY IN HERE, then I am clearly at fault. Same with Experian to a degree.

tim77,
User Rank: Apprentice
9/21/2017 | 12:25:18 PM

Information vs Money

Why should one have to prove they are damaged by having their information stolen? If a thief steals your money you don't have to prove they spent it only that they stole it. Information should be treated in the same manner!

REISEN1955,
User Rank: Ninja
9/21/2017 | 9:40:34 AM

Interesting

Workers cannot sue because of a data breach. Read that: PEOPLE cannot sue over a data breach - Equifax. This could have enormous legal consequences - something to watch. (Lawyers love this stuff).

<< < Page 2 / 2

Editors' Choice

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Live Events

Webinars

Black Hat USA - August 5-10 - Learn More

Black Hat Asia - May 9-12 - Learn More

More Informa Tech Live Events

White Papers

The Relationship Between Security Maturity and Business Enablement

Causes and Consequences of IT and OT Convergence

IT/OT Convergence Enables Security Operations Synergies

Cloud Journey Migration Stage: Adaptive Cloud Security

Cloud Incident Response Datasheet

More White Papers

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

The 10 Most Impactful Types of Vulnerabilities for Enterprises Today

Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Incident Readiness and Building Response Playbook

In this special report, learn the Xs and Os of any good security incident readiness and response playbook.

Download Now!

Battle for the Endpoint

0 comments

How Enterprises are Developing Secure Applications

0 comments

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2023-1142
PUBLISHED: 2023-03-27

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.

CVE-2023-1143
PUBLISHED: 2023-03-27

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.

CVE-2023-1144
PUBLISHED: 2023-03-27

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.

CVE-2023-1145
PUBLISHED: 2023-03-27

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.

CVE-2023-1655
PUBLISHED: 2023-03-27

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]