AIG leads Capital One’s cyber liability coverage

I’ll be interested to see what actually gets covered in this case. The general rule in Europe is that you cannot insure against fines and penalties but this needs to be clarified…:

[…] Representatives for the insurers, either had no comment or could not immediately be reached. Capital One did not respond to requests for comment.

Meanwhile, Capital One and affiliates face allegation of negligence among other things in at least three putative class action lawsuits that have been filed in U.S. District Courts for the District of Columbia, in Alexandria, Virginia, and in Oakland, California.

In the most recent of the cases, Aimee Aballo and Seth Zielicke v. Capital One Financial Corp. et al., which was filed last Thursday, GitHub Inc., a unit of Microsoft Corp., is also named as a defendant.

According to this complaint, the hacked data was available on San Francisco-based GitHub’s website for three months, where it had been placed by the hacker, but GitHub neither removed the information, nor informed any victims. Capital One learned of the hack from a GitHub user, according to the litigation.

GitHub, which provides software development hosting services, said in a statement it “promptly investigates content” once it is reported and it removes anything that violates its terms of service.

“The file posted on GitHub in this incident did not contain any Social Security numbers, bank account information, or any other reportedly stolen personal information.

“We received a request from Capital One to remove content containing information about the methods used to steal the data, which we took down promptly after receiving their request,” the company said.

[…]

Original article here