Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
OPM Data Breach Lawsuit Tossed, Fed Plaintiffs will Appeal
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/25/2017 | 11:36:09 AM
Re: Information vs Money
If a thief steals your money you don't have to prove they spent it only that they stole it. That makes sense, I wonder where the judge is coming from. Very strange decision.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/25/2017 | 11:34:55 AM
Re: Interesting
Lawyers love this stuff Yes, it does not make sense and confuses the public, that would help lawyers.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/25/2017 | 11:33:37 AM
Strange
The workers won't be able to sue because they cannot show the stolen data has been used by attackers This is new for me, so breach can happen but if data is not used that would not be consider an issue. Interesting.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
9/22/2017 | 2:39:41 PM
Re: Based on outcome
There is also a time-value on WHEN an attacker decides to use that stolen Mastercard number of SS number is there not?  An actor may wait weeks or months or have to dig through the 143 million stolen from Equifax before action is indeed taken.  Theft is theft - and break-in is theft writ large.  This is quite a legal tangle!!!  Kinda like stealing a car out of a driveway without breaking the window but parking it around the block until, oh, one night when it is sold for parts!!!  When IS the criminal act perfrmed?  
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
9/22/2017 | 8:28:02 AM
Based on outcome
I understand that this judgement was made based on the lack of evidence that attackers maliciously used the data in question but is there a statute of limitation for instances like this?
gwilson001
50%
50%
gwilson001,
User Rank: Strategist
9/21/2017 | 2:06:00 PM
Re: Interesting
That is the underlying threat here - a precedent that Equifax will surely jump on to ward off the class action suits against them.  This was a shortsighted decision by a Judge that clearly does not understand the problem or the the impact this stupid decision will have on millions of victims of the Equifax and other future data thefts.

This is a common probelm, the judiciary does not understand technology and they consequently make idiotic rulings based on that lack of understanding.  This could let Equifax off the hook as far as civil actions are concerned.  unfortunate because Equifax should not be allowed to continue as a business - they cannot be trusted with sensitive data we have not given them explicit permission to aggreagate and store.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
9/21/2017 | 12:41:35 PM
Re: Information vs Money
Good point - information theft is invisible if compared to car or money theft.  If a thief breaks into your home, that is a robbery.  If a thief steals a garden hose outside, that is theft.  There is a difference.  Information is invisible of course but if you went to your ATM and instead of seeing $33,202 in savings and there is $-29.33 there, I would think legal recourse has to be taken somewhere.  A thief broke INTO SOMETHING to get your data.  The thief did NOT RETRIEVE YOUR ATM CARD from the street.  Same difference.  

The answer to your question is WHO was guarding the vault?  Who has responsibility for the vault?  If i leave my house wide open with a sign saying MONEY IN HERE, then I am clearly at fault.  Same with Experian to a degree.
tim77
50%
50%
tim77,
User Rank: Apprentice
9/21/2017 | 12:25:18 PM
Information vs Money
Why should one have to prove they are damaged by having their information stolen? If a thief steals your money you don't have to prove they spent it only that they stole it. Information should be treated in the same manner!
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
9/21/2017 | 9:40:34 AM
Interesting
Workers cannot sue because of a data breach.  Read that: PEOPLE cannot sue over a data breach - Equifax.  This could have enormous legal consequences - something to watch.  (Lawyers love this stuff).
<<   <   Page 2 / 2


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11494
PUBLISHED: 2020-04-02
An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel through 5.6.2. It allows attackers to read uninitialized can_frame data, potentially containing sensitive information from kernel stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka CID-b9258a2cece4.
CVE-2020-7619
PUBLISHED: 2020-04-02
get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data.
CVE-2020-7620
PUBLISHED: 2020-04-02
pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of 'pomelo-monitor' params.
CVE-2020-7621
PUBLISHED: 2020-04-02
strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary command as part of the '_nginxCmd()' function.
CVE-2020-7623
PUBLISHED: 2020-04-02
jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command via the source argument.