Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
OPM Data Breach Lawsuit Tossed, Fed Plaintiffs will Appeal
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Dr.T
Dr.T,
User Rank: Ninja
9/25/2017 | 11:36:09 AM
Re: Information vs Money
If a thief steals your money you don't have to prove they spent it only that they stole it. That makes sense, I wonder where the judge is coming from. Very strange decision.
Dr.T
Dr.T,
User Rank: Ninja
9/25/2017 | 11:34:55 AM
Re: Interesting
Lawyers love this stuff Yes, it does not make sense and confuses the public, that would help lawyers.
Dr.T
Dr.T,
User Rank: Ninja
9/25/2017 | 11:33:37 AM
Strange
The workers won't be able to sue because they cannot show the stolen data has been used by attackers This is new for me, so breach can happen but if data is not used that would not be consider an issue. Interesting.
REISEN1955
REISEN1955,
User Rank: Ninja
9/22/2017 | 2:39:41 PM
Re: Based on outcome
There is also a time-value on WHEN an attacker decides to use that stolen Mastercard number of SS number is there not?  An actor may wait weeks or months or have to dig through the 143 million stolen from Equifax before action is indeed taken.  Theft is theft - and break-in is theft writ large.  This is quite a legal tangle!!!  Kinda like stealing a car out of a driveway without breaking the window but parking it around the block until, oh, one night when it is sold for parts!!!  When IS the criminal act perfrmed?  
RyanSepe
RyanSepe,
User Rank: Ninja
9/22/2017 | 8:28:02 AM
Based on outcome
I understand that this judgement was made based on the lack of evidence that attackers maliciously used the data in question but is there a statute of limitation for instances like this?
gwilson001
gwilson001,
User Rank: Strategist
9/21/2017 | 2:06:00 PM
Re: Interesting
That is the underlying threat here - a precedent that Equifax will surely jump on to ward off the class action suits against them.  This was a shortsighted decision by a Judge that clearly does not understand the problem or the the impact this stupid decision will have on millions of victims of the Equifax and other future data thefts.

This is a common probelm, the judiciary does not understand technology and they consequently make idiotic rulings based on that lack of understanding.  This could let Equifax off the hook as far as civil actions are concerned.  unfortunate because Equifax should not be allowed to continue as a business - they cannot be trusted with sensitive data we have not given them explicit permission to aggreagate and store.
REISEN1955
REISEN1955,
User Rank: Ninja
9/21/2017 | 12:41:35 PM
Re: Information vs Money
Good point - information theft is invisible if compared to car or money theft.  If a thief breaks into your home, that is a robbery.  If a thief steals a garden hose outside, that is theft.  There is a difference.  Information is invisible of course but if you went to your ATM and instead of seeing $33,202 in savings and there is $-29.33 there, I would think legal recourse has to be taken somewhere.  A thief broke INTO SOMETHING to get your data.  The thief did NOT RETRIEVE YOUR ATM CARD from the street.  Same difference.  

The answer to your question is WHO was guarding the vault?  Who has responsibility for the vault?  If i leave my house wide open with a sign saying MONEY IN HERE, then I am clearly at fault.  Same with Experian to a degree.
tim77
tim77,
User Rank: Apprentice
9/21/2017 | 12:25:18 PM
Information vs Money
Why should one have to prove they are damaged by having their information stolen? If a thief steals your money you don't have to prove they spent it only that they stole it. Information should be treated in the same manner!
REISEN1955
REISEN1955,
User Rank: Ninja
9/21/2017 | 9:40:34 AM
Interesting
Workers cannot sue because of a data breach.  Read that: PEOPLE cannot sue over a data breach - Equifax.  This could have enormous legal consequences - something to watch.  (Lawyers love this stuff).
<<   <   Page 2 / 2


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-39044
PUBLISHED: 2022-12-07
Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and ea...
CVE-2022-40966
PUBLISHED: 2022-12-07
Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and earlier, WHR-HP-GN fir...
CVE-2022-42458
PUBLISHED: 2022-12-07
Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered.
CVE-2022-45910
PUBLISHED: 2022-12-07
Improper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, additional queries, filter manipulation) durin...
CVE-2022-34840
PUBLISHED: 2022-12-07
Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter?configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00 and earlier, WZR-600...