Hacking Class Actions: The Github Case
Let the GitHub class actions begin!
Tycko & Zavareeri, a D.C.-based law firm, recently filed a class-action lawsuit against GitHub over hacked information posted by a third-party user. The case will either open the door for a slew of similar hacking class actions or crash and burn badly.
Why Are People Suing GitHub Over Hacking?
The class action against GitHub stems from the Capital One breach that exposed the personal data of millions. Since someone posted the breach bounty to GitHub, and it stayed up for months, a group of affected parties is arguing that the online platform “actively encourages (at least) friendly hacking.”
The lawsuit further admonishes:
GitHub Should Have Removed SS Numbers ASAP: “GitHub had an obligation, under California law, to keep off (or to remove from) its site Social Security numbers and other Personal Information.”
GitHub Encouraged Hacking: “GitHub knew or should have known that obviously hacked data had been posted to GitHub.com. Indeed, GitHub actively encourages (at least) friendly hacking as evidenced by, inter alia, ‘GitHub.com’s ”Awesome Hacking” page.”
GitHub Should Have Been More Active in Weeding out PII: “GitHub knew or should have known that the Personal Information of Plaintiffs and the Class was sensitive information that is valuable to identity thieves and cyber criminals. GitHub also knew of the serious harms that could result through the wrongful disclosure of the Personal Information of Plaintiffs and the Class.”
GitHub Should Have Known Better: “As an entity that not only allows for such sensitive information to be instantly, publicly displayed, but one that also arguably encourages it, GitHub is morally culpable, given the prominence of security breaches today, particularly in the financial industry.”
The claimants contend that GitHub should have continuously scanned it’s servers for “sensitive info” since it’s allegedly a popular platform for hackers to congregate.
Who Will Win this GitHub Class Action?
‘We’re not soothsayers, so it’s impossible to predict, with certainty, who will emerge victorious in this GitHub class action. That said, with caveats in place, this likely won’t be a win for the class. What’s the case’s weak link? The claimants are citing “moral” culpability. However, that’s not an actionable accusation when it comes to this type of law.
Is This All about the Benjamin’s?
Many legal watchers have hinted at the waft of avarice circling this class action. After all, it wasn’t too long ago that Microsoft scooped up the development platform for a cool $7.5 billion. Could an acquisitive urge be fueling this GitHub class action? Some people say yes, others insist it’s a matter of rightfully punishing platforms that don’t take personal privacy seriously enough.
Section 230 of the Communications Decency Act will Likely Indemnify Microsoft
It’s the law that many credit for creating today’s Internet, because without it, the Web may have been litigated out of existence.
How does it work?
Section 230 of the Communications Decency Act protects user-based, digital platforms from being held accountable for third-party content violations. For example, it’s the law that protects Facebook from being sued every time someone posts a defamatory comment or uploads a copyrighted image without permission. Without Section 230, litigation would have snuffed out innovation.
Our initial analysis of this case is just conjecture. As new evidence presents itself, it may shade the ultimate outcome. Either way, we’ll be keeping an eye on this GitHub class action and similar claims making their way through the courts.
Lawsuit link: https://assets.documentcloud.org/documents/6239390/V-Github.pdf