Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
OPM Data Breach Lawsuit Tossed, Fed Plaintiffs will Appeal
Oldest First  |  Newest First  |  Threaded View
Page 1 / 2   >   >>
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
9/21/2017 | 9:40:34 AM
Interesting
Workers cannot sue because of a data breach.  Read that: PEOPLE cannot sue over a data breach - Equifax.  This could have enormous legal consequences - something to watch.  (Lawyers love this stuff).
tim77
50%
50%
tim77,
User Rank: Apprentice
9/21/2017 | 12:25:18 PM
Information vs Money
Why should one have to prove they are damaged by having their information stolen? If a thief steals your money you don't have to prove they spent it only that they stole it. Information should be treated in the same manner!
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
9/21/2017 | 12:41:35 PM
Re: Information vs Money
Good point - information theft is invisible if compared to car or money theft.  If a thief breaks into your home, that is a robbery.  If a thief steals a garden hose outside, that is theft.  There is a difference.  Information is invisible of course but if you went to your ATM and instead of seeing $33,202 in savings and there is $-29.33 there, I would think legal recourse has to be taken somewhere.  A thief broke INTO SOMETHING to get your data.  The thief did NOT RETRIEVE YOUR ATM CARD from the street.  Same difference.  

The answer to your question is WHO was guarding the vault?  Who has responsibility for the vault?  If i leave my house wide open with a sign saying MONEY IN HERE, then I am clearly at fault.  Same with Experian to a degree.
gwilson001
50%
50%
gwilson001,
User Rank: Strategist
9/21/2017 | 2:06:00 PM
Re: Interesting
That is the underlying threat here - a precedent that Equifax will surely jump on to ward off the class action suits against them.  This was a shortsighted decision by a Judge that clearly does not understand the problem or the the impact this stupid decision will have on millions of victims of the Equifax and other future data thefts.

This is a common probelm, the judiciary does not understand technology and they consequently make idiotic rulings based on that lack of understanding.  This could let Equifax off the hook as far as civil actions are concerned.  unfortunate because Equifax should not be allowed to continue as a business - they cannot be trusted with sensitive data we have not given them explicit permission to aggreagate and store.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
9/22/2017 | 8:28:02 AM
Based on outcome
I understand that this judgement was made based on the lack of evidence that attackers maliciously used the data in question but is there a statute of limitation for instances like this?
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
9/22/2017 | 2:39:41 PM
Re: Based on outcome
There is also a time-value on WHEN an attacker decides to use that stolen Mastercard number of SS number is there not?  An actor may wait weeks or months or have to dig through the 143 million stolen from Equifax before action is indeed taken.  Theft is theft - and break-in is theft writ large.  This is quite a legal tangle!!!  Kinda like stealing a car out of a driveway without breaking the window but parking it around the block until, oh, one night when it is sold for parts!!!  When IS the criminal act perfrmed?  
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/25/2017 | 11:33:37 AM
Strange
The workers won't be able to sue because they cannot show the stolen data has been used by attackers This is new for me, so breach can happen but if data is not used that would not be consider an issue. Interesting.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/25/2017 | 11:34:55 AM
Re: Interesting
Lawyers love this stuff Yes, it does not make sense and confuses the public, that would help lawyers.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/25/2017 | 11:36:09 AM
Re: Information vs Money
If a thief steals your money you don't have to prove they spent it only that they stole it. That makes sense, I wonder where the judge is coming from. Very strange decision.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
9/25/2017 | 11:38:51 AM
Re: Information vs Money
information theft is invisible if compared to car or money theft That makes sense however data/information is value to the owners of that, and stolen so there should be consequence on that.
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Data Breaches Affect the Enterprise
Data breaches continue to cause negative outcomes for companies worldwide. However, many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download Dark Reading's Report "How Data Breaches Affect the Enterprise" to delve more into this timely topic.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24918
PUBLISHED: 2021-11-29
The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages.
CVE-2021-24927
PUBLISHED: 2021-11-29
The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue
CVE-2017-20008
PUBLISHED: 2021-11-29
The myCred WordPress plugin before 1.7.8 does not sanitise and escape the user parameter before outputting it back in the Points Log admin dashboard, leading to a Reflected Cross-Site Scripting
CVE-2021-24745
PUBLISHED: 2021-11-29
The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as contributor to perform Cross-Site Scripting attacks.
CVE-2021-24748
PUBLISHED: 2021-11-29
The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues