Jump to content

Search the Community

Showing results for tags 'lawsuit'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Categories

  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions

Categories

  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

  1. Phished Healthcare Provider Takes Legal Action Against Amazon An American healthcare provider whose data was allegedly exfiltrated to an Amazon storage account by a cyber-attacker has taken legal action against Amazon. As many as 85,688 patient and employee records were compromised last week when a threat actor seemingly based in Ukraine struck SalusCare, the largest provider of behavioral healthcare services in Southwest Florida. The attacker is believed to have gained access to SalusCare's Microsoft 365 environment after an employee clicked a malicious link in a phishing email. The action allegedly triggered malware to exfiltrate SalusCare's entire database to two Amazon S3 storage buckets linked to the same Amazon AWS storage account. After being notified of the alleged illegal activity, Amazon froze access to the two S3 buckets believed to have been used in the attack. SalusCare requested access to the audit logs of the buckets as part of its investigation to determine precisely what data had been breached by the threat actor. However, Amazon refused to supply an audit log or a copy of the data stored in the S3 buckets as they do not belong to SalusCare. The healthcare provider responded to Amazon's refusal by filing a lawsuit in federal court on Wednesday seeking for Amazon to be compelled to provide SalusCare with the audit logs and a copy of the contents of the two S3 buckets. In the lawsuit, SalusCare also sought for Amazon to be ordered to permanently suspend the alleged attacker's access to the two S3 buckets allegedly containing the healthcare provider's swiped data. In its petition to the US District Court in Fort Myers, SalusCare argued that the sensitive data believed to have been stolen in the attack and stored in the buckets could be sold on the dark net and used to commit identity theft. “The files contain extremely personal and sensitive records of patients’ psychiatric and addiction counseling and treatment,” explained SalusCare. “The files also contain sensitive financial information such as social security numbers and credit card numbers of SalusCare patients and employees.” News-Press reports that a judge granted both of SalusCare's requests on Thursday. Source: Phished Healthcare Provider Takes Legal Action Against Amazon
  2. A federal judge on Friday approved a $650 million settlement of a privacy lawsuit against Facebook for allegedly using photo face-tagging and other biometric data without the permission of its users. U.S. District Judge James Donato approved the deal in a class-action lawsuit that was filed in Illinois in 2015. Nearly 1.6 million Facebook users in Illinois who submitted claims will be affected. Donato called it one of the largest settlements ever for a privacy violation. “It will put at least $345 into the hands of every class member interested in being compensated,” he wrote, calling it “a major win for consumers in the hotly contested area of digital privacy.” Jay Edelson, a Chicago attorney who filed the lawsuit, told the Chicago Tribune that the checks could be in the mail within two months unless the ruling is appealed. “We are pleased to have reached a settlement so we can move past this matter, which is in the best interest of our community and our shareholders,” Facebook, which is headquartered in the San Francisco Bay Area, said in a statement. The lawsuit accused the social media giant of violating an Illinois privacy law by failing to get consent before using facial-recognition technology to scan photos uploaded by users to create and store faces digitally. The state's Biometric Information Privacy Act allowed consumers to sue companies that didn't get permission before harvesting data such as faces and fingerprints. The case eventually wound up as a class-action lawsuit in California. Facebook has since changed its photo-tagging system. SOURCE
  3. Facebook sues two Chrome extension devs for scraping user data Facebook filed a lawsuit today in Portugal against browser extension maker Oink and Stuff. Image: Kon Karampelas Facebook filed a lawsuit today in Portugal against two Portuguese nationals for developing browser extensions that scraped user data from Facebook sites. "When people installed these extensions on their browsers, they were installing concealed code designed to scrape their information from the Facebook website, but also information from the users' browsers unrelated to Facebook — all without their knowledge," Jessica Romero, Facebook's Director of Platform Enforcement and Litigation, said today. "If the user visited the Facebook website, the browser extensions were programmed to scrape their name, user ID, gender, relationship status, age group and other information related to their account," Romero said. All extensions were developed by a software company named "Oink and Stuff," specialized in creating Android apps and browser extensions for Chrome, Firefox, Opera, and Microsoft Edge. While the company develops a wide array of browser extension, Facebook said it found data collection-related malicious behavior inside four extensions named Web for Instagram plus DM, Blue Messenger, Emoji keyboard, and Green Messenger, which Facebook said "functioned like spyware." All four extensions are still available on the official Chrome Web Store at the time of writing, and have more than 54,000 installs, combined. Facebook is now asking a Portuguese judge to issue a permanent injunction against the Oink and Stuff team and force the company to delete all the Facebook user data they acquired through the four extensions. A request for comment has been sent to Oink and Stuff but the company has not replied before this article's publication due to timezone differences. Today's lawsuit marks Facebook's latest lawsuit against rogue app and extension developers. Since early 2019, Facebook's legal department has been filing lawsuits against several third-parties that have been abusing its platform, such as: March 2019 - Facebook sues two Ukrainian browser extension makers (Gleb Sluchevsky and Andrey Gorbachov) for allegedly scraping user data. August 2019 - Facebook sues LionMobi and JediMobi, two Android app developers on allegations of advertising click fraud. October 2019 - Facebook sues Israeli surveillance vendor NSO Group for developing and selling a WhatsApp zero-day that was used in May 2019 to attack attorneys, journalists, human rights activists, political dissidents, diplomats, and government officials. December 2019 - Facebook sued ILikeAd and two Chinese nationals for using Facebook ads to trick users into downloading malware. February 2020 - Facebook sued OneAudience, an SDK maker that secretly collected data on Facebook users. March 2020 - Facebook sued Namecheap, one of the biggest domain name registrars on the internet, to unmask hackers who registered malicious domains through its service. April 2020 - Facebook sued LeadCloak for providing software to cloak deceptive ads related to COVID-19, pharmaceuticals, diet pills, and more. June 2020 - Facebook sued to unmask and take over 12 domains containing Facebook brands and used to scam Facebook users. June 2020 - Facebook sued MGP25 Cyberint Services, a company that operated an online website that sold Instagram likes and comments. June 2020 - Facebook sued the owner of Massroot8.com, a website that stole Facebook users' passwords. August 2020 - Facebook sued MobiBurn, the maker of an advertising SDK accused of scraping user data. August 2020 - Facebook sued the owner of Nakrutka, a website that sold Instagram likes, comments, and followers. October 2020 - Facebook sued the maker of two Chrome extensions for scraping user data. November 2020 - Facebook sued a Turkish national for operating a network of at least 20 Instagram clones. Source: Facebook sues two Chrome extension devs for scraping user data
  4. In a new lawsuit filed in the US, Nintendo sues an Amazon seller who distributed RCM Loader, a device that the company claims has the sole purpose of allowing people to play pirated video games by circumventing the Switch console's technological protection measures. On top, Nintendo is also suing the defendant for abusing the DMCA's counter-notification system. Nintendo’s ongoing battle to prevent people from playing pirated content on Switch consoles is showing no signs of slowing down. Its main targets thus far have been distributors and sellers of products offered by the infamous Team-Xecutor but a new lawsuit filed in the United States yesterday targets a seller of another jailbreak-style device. Circumvention of Technological Protection Measures As detailed in a number of earlier and similar lawsuits, Nintendo is determined to take action against any product that undermines the security features baked into consoles such as the Switch. These features are designed to prevent unauthorized access to the console and its games with the aim of preventing people from playing pirated content. According to the latest lawsuit, a defendant identified as Le Hoang Minh, who on Amazon does business under the name ‘Winmart’, sold a device known as RCM Loader. The dongle/device, which operates via a USB-C connector, is marketed as a plug-and-play solution for injecting payload files that allow booting into custom firmware (CFW), including Team-Xecutor’s SX OS. “Once this circumvention has occurred, the unauthorized CFW modifies the authorized Nintendo Switch operating system, thereby allowing users to obtain and play virtually any pirated game made for the Nintendo Switch. All of this happens without authorization or compensation to Nintendo or to any authorized game publishers,” the company’s complaint reads. Another feature of the system criticized by Nintendo is the ability for owners of legal copies of games to copy and share those games with others who are also using unauthorized custom firmware. Nintendo says it has been working hard to reduce the availability of SX OS and similar custom firmware but due to the trafficking of devices like RCM Loader, that battle continues. Defendant Sold RCM Loader Via Amazon According to the lawsuit, Vietnam-resident Le Hoang Minh, sold RCM Loader devices on Amazon so, to counter this distribution, Nintendo filed a DMCA takedown notice on October 21, 2020, citing 17 U.S.C. § 512(c) and requesting that the listing be removed. While Amazon did take the listing down, the removal was only temporary. This short-lived takedown was due to the seller submitting a DMCA counter-notice to Amazon on November 4, 2020, under 17 U.S.C. § 512(g)(3), claiming that the listing was non-infringing and had been taken down in error. Defenses Listed in the DMCA Counter Notice Attempting to cover most available defenses, relevant or not, the counter-notice from Le Hoang Minh is comprehensive if nothing else. In addition to claiming that the devices are not copyrighted and are therefore in the public domain, the Amazon seller advised the platform that Nintendo’s claim is faulty due to the company failing to provide any copyright registration information in its takedown notice. “The complainant does not hold the copyright to the material in question, is not the designated representative of the copyright holder, and therefore lacks standing to assert that my use of the material is a violation of any of the owner’s rights,” it added. In addition to a laundry list of alleged technical failings in Nintendo’s takedown notice, Amazon was advised by the defendant that the use of “the material” was legally protected “because it falls within the ‘fair use’ provision of the copyright regulations” and if Nintendo disagrees with that assertion, it “must” work with the seller to solve the dispute. “This communication to you is a DMCA counter notification letter as defined in 17 USC 512(g)(3). I declare, under penalty of perjury, that I have a good faith belief that the complaint of copyright violation is based on mistaken information, misidentification of the material in question, or deliberate misreading of the law,” the counter-notice reads. Importantly, the declaration adds that Le Hoang Minh submits to the jurisdiction of any appropriate US district court in case of a legal dispute with Nintendo. Nintendo: Challenge Accepted The lawsuit filed yesterday is a clear indication that Nintendo believes it has the law on its side, in respect of the illegal nature of RCM Loader and the validity of the DMCA counter-notice that attempted to reinstate the listing. “Defendant manufactures, imports, offers to the public, provides, and otherwise traffics in a circumvention device and software that circumvents the technological measures on the Nintendo Switch — specifically, the RCM Loader,” the company states. “On information and belief, the only purpose of Defendant’s circumvention device is to circumvent Nintendo’s technological protection measures.” Demanding maximum statutory damages for each violation of the relevant sections of the DMCA, Nintendo also demands a permanent injunction preventing the defendant from offering to the public or otherwise trafficking in circumvention devices in the future. On top, Nintendo is demanding relief for the defendant’s alleged abuse of the DMCA counter-notification system by misrepresenting material facts to Amazon, crafted to have the listing restored on the platform, in violation of Nintendo’s rights. Finally, the gaming giant asks the court to issue an order that will allow for the seizure, impoundment and destruction of all RCM Loader devices in the defendant’s possession, including any related software. The complaint can be found here (pdf) Source: TorrentFreak
  5. WASHINGTON (Reuters) - Alphabet Inc’s Google and the U.S. Justice Department have failed to reach agreement over a protective order for third parties like Microsoft that provided data to the government for its lawsuit against the search and advertising giant. Google is pressing for two in-house attorneys to have access to the confidential data while the Justice Department and state attorneys general involved in the lawsuit have disagreed, Google said in a court filing on Friday. Google stated it needed the information to prepare an effective defense. It offered to ensure that any confidential information would be made available solely to two in-house attorneys at the offices of Google’s outside counsel or in another secure manner, adding that it would promptly report any disclosure. The government said in a separate filing that allowing Google’s staff attorneys to review “strategic plans related to rival voice assistants, and other commercially sensitive information” was dangerous because they could misuse the information to squash potential competition. The government also said that highly confidential files in the last big technology antitrust case, which involved Microsoft Corp about 20 years ago, were only available to the company’s outside counsel. The companies whose documents are in dispute in the Google case also include Oracle Corp, AT&T Inc, Amazon.com, Comcast Corp and others. They have until next Friday to make their proposals for the terms of a protective order. Judge Amit Mehta of the U.S. District Court for the District of Columbia is hearing the Justice Department’s case against Google. The government sued Google in October, accusing the $1 trillion company of illegally using its market muscle to hobble rivals in the biggest challenge to the power and influence of Big Tech in decades. Source
  6. The makers of the films 'Ava' and 'Rambo V: Last Blood' have filed a lawsuit targeting 16 alleged movie pirates. The complaint suggests that the defendants are registered users of the popular torrent site RARBG, but provides no proof for this allegation. The film companies do have evidence that the IP-addresses were caught sharing torrent files. Lawsuits against alleged movie pirates are nothing new. We have reported on many dozens over the years. More recently, Hawaii-based attorney Kerry Culpepper added a new element to these cases when he singled out YTS users. The lawyer was able to do this because YTS handed over database information as part of a private settlement. A rather concerning development, which caused quite a stir among torrent users and site owners. This tactic is interesting from a few perspectives. For one, the database information is additional evidence and provides valuable information such as email addresses. In addition, calling a torrent site by name may deter some people from using it in the future. It’s a win-win. Lawsuit Against Alleged RARBG Users That last argument may be why a new lawsuit, filed on behalf of the makers of the films Rambo V: Last Blood and Ava, singles out the torrent site RARBG. In a complaint filed at a federal court in Hawaii, the movie companies accuse 16 “John Doe” defendants who are only known by their IP-addresses. These people were tracked by the company Maverickeye, which provides evidence for many related cases. In this case, the IP-addresses are linked to torrents for the movies ‘Ava’ and ‘Rambo V,’ which are shared on many pirate sites. However, the movie companies specifically call out RARBG. “Upon information and belief, each of the Defendants registered for an account on the movie piracy website ‘RARBG’ using an email address or installed a BitTorrent Client application on their device that retrieved torrent files from the movie piracy website ‘RARBG’,” they write. What Evidence is There? The RARBG mention is unusual because there’s no evidence to back up the claim that the defendants actually used this site. RARBG didn’t share any user data, as opposed to YTS. The only link to RARBG we can spot is that the torrents “Ava.2020.WEBDL.x264-FGT” and “Rambo.Last.Blood.2019.1080p.KORSUB.HDRip.x264.AAC2.0-STUTTERSHIT” are shared on the popular torrent site. That said, the same files, linking to the same swarms, are available elsewhere too. Nonetheless, RARBG is prominently mentioned throughout the complaint. The “notorious” pirate site “promotes and distributes” pirated content, the companies say. “As shown in the screenshot below, the movie piracy website ‘RARBG’ promotes and distributes the infringing torrent file ‘Ava.2020.WEBDL.x264-FGT’ which Defendants downloaded and used to display, reproduce and distribute the Work Ava.” Whether the defendants used RARBG or another site doesn’t change the copyright infringement allegations. These are totally independent of the site from which the torrents were downloaded. TorrentFreak reached out to the plaintiffs’ attorney who refused to comment on the issue. One possibility we could think of is that the site is mentioned to signal to users that they are vulnerable. But that would equally apply to other sites. Copyright Infringements and DMCA Violation Looking at the actual allegations, a familiar theme appears. All 16 ‘Does’ are accused of direct and contributory copyright infringement for allegedly sharing copies of the movie Ava, and one defendant also shared the Rambo film. In addition, the defendants are further accused of violating the DMCA by altering copyright management information (CMI). In this case, that means distributing the movies with an edited title, which references pirate groups such as “FGT” and “STUTTERSHIT”. “Defendants knew that neither ‘FGT’ nor ‘STUTTERSH*T’ were the authors of Plaintiffs’ Works,” the complaint reads. As is common in these types of cases, the movie companies requested a subpoena to compel the ISP, Verizon Wireless, to hand over the personal details of the associated subscribers. If granted, the accused will likely be offered a settlement of a few hundred dollars or more. Update: RARBG issued the following statement to us: “We are in no way shape or form involved in this lawsuit. We do not log ip addresses on downloads or any registered user IP addresses. It is our strong belief that these ip addresses were collected by p2p monitoring on torrent swarms.” — A copy of the complaint filed on behalf of Eve Nevada, LLC and Rambo V Productions, Inc, is available here (pdf) Source: TorrentFreak
  7. The makers of the film 'Angel Has Fallen' have filed a lawsuit against seventeen alleged pirates. According to the complaint, several defendants used the VPN service 'Private Internet Access,' which can expect to be subpoenaed. That effort will likely be fruitless as the VPN doesn't keep any logs. However, with help from information shared by torrent site YTS, users are still at risk. Millions of Internet users around the world use a VPN to protect their privacy online. Another key benefit is that VPNs hide users’ true IP-address, making them more anonymous. This prevents third-party monitoring outfits from carrying out unwanted snooping. This is one of the reasons why many torrent users have a VPN installed. Instead of displaying their own IP-address in torrent swarms, the VPN IP-address will show up. And when the provider doesn’t keep any logs, that address can’t be traced back to a single user. Lawsuit Targets Pirating VPN Users Such a setup seems secure, but it hasn’t prevented the makers of the action movie ‘Angel Has Fallen’ from suing several anonymous VPN users. In a recent lawsuit filed at a federal court in Colorado, the company lists fourteen alleged pirates that used an IP-address of the VPN service Private Internet Access, also . “Upon information and belief, Defendants DOES 3-5, 7-10 and 12-17 registered for paid accounts for Virtual Private Network (‘VPN’) service with the Colorado Internet Service Provider Private Internet Access,” the complaint reads. The lawsuit in question lists the defendants as Does, which means that their true identities are unknown. However, attorney Kerry Culpepper, who represents Fallen Productions in this matter, hopes to find out more through third-party subpoenas. Info From YTS User Database The case relies in part on information from the YTS user database that was shared by the operator of the site earlier this year, as part of a settlement. This includes download details of several users, as well as their IP-addresses and email addresses. The attorney has requested subpoenas to compel email providers, Internet providers, and Private Internet Access for more personal information. In the past, we have seen that Microsoft and ISPs such as Comcast will hand over what they have, but with a VPN this isn’t as straightforward. PIA’s Confirmed No-Log Policy PIA has a so-called ‘no logs’ policy which means that it can’t link a VPN IP-address and a timestamp to a unique user. This policy has been repeatedly tested and confirmed in courts. Culpepper informs TorrentFreak that he will request a subpoena regardless. He argues that the use of a VPN shows that people were aware of their illegal activity. “It is relevant because it shows they tried to hide their activities. It shows consciousness of the illegal activities,” Culpepper says, while pointing out where PIA warned YTS users that they were at risk. PIA’s Jurisdiction Angle In addition, by signing the terms of service, PIA users also subject themselves to the jurisdiction of Courts in Colorado. This is relevant in this case because not all defendants are from the western U.S. state. “Most importantly, if they signed up for an account with PIA they agreed to jurisdiction in Colorado no matter where they are. Most of the PIA users were not in Colorado,” Culpepper notes. All defendants are accused of downloading a torrent titled “Angel Has Fallen (2019) [BluRay] [720p] [YTS.LT],” as well as other copyright-infringing content that isn’t specified. Defendants Still at Risk According to the complaint all defendants have received at least one DMCA notice. Fifteen of them were also contacted repeatedly on their known email address with cease and desist notices and settlement offers, but these were ignored. With this lawsuit Fallen Productions hopes to uncover the identities of the people behind these IP- and email addresses. TorrentFreak contacted PIA for a comment on the lawsuit. The company said that it hasn’t received a subpoena yet and reiterated that it can’t identify individual users. “Private Internet Access has not received a subpoena in regards to this case. Even if we do, our response will be the same as always: PIA does not log VPN user activity,” a PIA spokesperson informed us. That was also confirmed in more detail earlier this year in our annual VPN overview. “There are no logs kept for any person or entity to match an IP address and a timestamp to a current or former user of our service,” PIA said at the time. That said, defendants are still at risk, as their email addresses are known as well. That doesn’t prove anything, as YTS allowed members to sign up with a fake email, but it could lead to people being identified eventually, without PIA’s involvement. If anything, this case shows that using a VPN only offers limited anonymity. When people use a VPN irregularly and leave other information behind, such as email addresses, they may eventually be exposed anyway. — A copy of Fallen Production’s complaint, filed as the US District Court in Colorado, is available here (pdf) Source: TorrentFreak
  8. US-broadcaster DISH Network is suing a former reseller of IPTV services SET TV and Simply-TV in a Florida court. It's alleged that the defendant continued to sell pirate IPTV subscriptions under various brands, even after DISH obtained damages awards of $120m and an order to prevent ongoing violations. Back in 2018, broadcaster DISH Network sued pirate IPTV service SET TV for offering numerous TV channels that had been illegally obtained from DISH’s satellite service. In November 2018 that particular lawsuit came to end when SET TV’s operators were ordered by a Florida court to pay $90 million in statutory damages. However, DISH wasn’t convinced its work was done when it came to similar if not identical services still in operation. DISH Targets Pirate IPTV Service Simply-TV In March 2019, DISH and NagraStar filed another lawsuit in Florida, targeting several individuals and companies collectively doing business as Simply-TV, a $20 per month service which several users described as having many similarities to SET TV. DISH complained that Simply-TV worked with SET TV-related entities that capture DISH content without permission, with Simply-TV also re-selling the service to others under their own brands and pricing structures. The Florida court quickly handed down a temporary restraining order and later in April, converted that to a comprehensive preliminary injunction. In August 2019, DISH was awarded $30 million in statutory damages and an order that permanently enjoined the Simply-TV defendants “and anyone acting in active concert or participation” with them from “retransmitting or copying, or assisting others in retransmitting or copying, any of DISH’s satellite or over-the-top Internet transmissions of television programming or any content contained therein.” DISH Sues Former SET TV and Simply-TV Reseller Lisa Crawford According to yet another IPTV lawsuit filed in Florida, DISH is now continuing its battle against an individual it claims was not only a reseller of the SET TV service but also of Simply-TV. DISH claims that an individual called Lisa Crawford along with business entities including LC One LLC, LC Pryme Enterprises LLC, LC Pryme Holdings LLC, LC Pryme One Enterprises LLC, and several others, ignored the orders of the Court in the previous cases by continuing to breach the broadcaster’s rights. Noting that Crawford initially acted as a reseller for SET TV, when that was shut down she began reselling Simply-TV packages. When that service was ended she moved on again by allegedly selling and supporting new pirate IPTV services including Prime Tyme TV, Lazer TV Streams, Griff TV, and Flix Streams. “Just like the SET TV and Simply-TV pirate streaming services, the new Pirate IPTV Services being facilitated by Crawford and the Pirate IPTV Entities are, and have been retransmitting DISH programming received from DISH’s satellite television service without authorization from DISH,” the complaint reads. DISH Demands Damages & Injunction Under the FCA DISH’s claims against Crawford, the LLCs, and the various IPTV brands are being actioned under the Federal Communications Act, specifically 47 U.S.C. § 605(a) and 47 U.S.C. § 605(e)(4) which relate to illegal reception/retransmission and selling devices that facilitate access to DISH’s satellite programming. In common with the lawsuits against SET TV and Simply-TV, DISH also demands a permanent injunction preventing Crawford and the various entities from illegally obtaining and distributing its television content, and manufacturing or selling configured devices and/or subscriptions. DISH also seeks an order that will remove advertising and social media pages promoting Prime Tyme TV, Lazer TV Streams, Griff TV, and Flix Streams, and an order that will allow it to take control of any and all websites used to offer the services. DISH also wants access to all records relating to IPTV devices and subscription sales, including the details of those who purchased them. In respect of damages, DISH demands up to $100,000 for each violation of 47 U.S.C. § 605(a) and up to $100,000 for each violation of 47 U.S.C. § 605(e)(4). As the earlier cases show, potential awards can easily reach tens of millions of dollars. The full complaint can be found here (pdf) Source: TorrentFreak
  9. Plex has failed in its initial legal action to prevent new streaming service Zee Plex from using the word 'Plex' in its branding. The High Court in Bombay found that low domestic sales for Plex, a fundamental difference in services offered by the parties, plus no evidence of "passing off" or anticipated injuries all went against Plex. Early September, Indian media company Zee Entertainment Enterprises revealed it would soon launch a brand new streaming service with the aim of premiering blockbuster movies directly to people’s homes, partly to combat piracy. Initially reported as the ‘Zee Plex’ service, the product was set for launch last Friday, October 2, 2020. However, the news didn’t sit well with US-based Plex, Inc., the operator of the famous Plex media server software. According to Plex, Inc., Zee Plex operator Zee Entertainment Enterprises’ choice of name meant that its new service would be illegally trading off the hard-earned goodwill of the Plex trademark. Describing Zee Plex as a “competing service”, Plex Inc. took legal action to urgently obtain an injunction to prevent the service launching with the infringing mark. Ad-Interim Application for Injunction Zee Plex launched as planned October 2, 2020, but not before the matter was heard by the High Court in Bombay via video conferencing just a day earlier. The Court heard that Zee Entertainment is a large multi-media conglomerate providing entertainment across a broad range of platforms including the Internet, OTT, satellite and cable. It was acknowledged that Plex Inc. had adopted the Plex trademark in May 2008 in the United States for a software/hardware service that allows a user to take content “wherever he goes”. Plex told the Court that it signed up its first Indian user back in July 2008 and now has 550,000 users and “very high sales” in the country. The Court questioned that, noting that evidence pointed to sales of between US$24,000 to US$30,000. This is important because the volume of domestic business can be used as a factor when considering the value of existing goodwill and reputation. Court Failed to See Similarities Between Plex and Zee Plex In the decision handed down on October 1, 2020, the Court found that on first view, the Plex media server and Zee Plex were “fundamentally different”. Noting that Zee Plex is a “cinema-to-home pay-per-view movie service” and that Plex carries some of its own “curated content”, the Zee Plex service does not have any of the “take your own content with you” services offered by Plex. At this point it’s worth highlighting that Zee says that its service is actually called ZEEPLEX, i.e one word instead of two. According to the Court, this doesn’t amount to much since Plex objects to the word ‘Plex’ being used in any way but from here things didn’t get any better for Plex. No Prima Facie Case of ‘Passing Off’ The Court notes that Plex’s case is based on allegations of deceit by Zee Entertainment, in that it used the Plex name to dupe or mislead consumers into thinking it had somehow tied up with Plex in business. To show such a case, Plex must demonstrate strong reputation and brand recognition in India among consumers but the Court found that, on the surface, the balance tips away from the US-based company. “I do not yet see sufficient material from Plex to be able to establish its reputation at least within India, whatever may be its reputation, registrations and sales in other jurisdictions. In contract, there is the much greater reputation and standing of Zee amongst subscribers across the length and the breadth of the country with a large number of channels in various languages,” the judge’s order reads. Equally, arguments by Plex that it should receive the same kinds of protection enjoyed by companies such as Sony, Disney or Hotstar, were also dismissed by the Court. “Merely pointing to other established and reputed players in the field is not enough, and it is hardly a credible argument to say that ‘if Sony provides content and has a reputation, since I, too, provide content, I must be presumed to have an equivalent reputation. So if Sony could maintain such an action and get an order, so must I.’ “There is no one-size-fits-all approach in these matters. Every claimant in a passing off action stands or falls on his own merits and case,” the order adds. Issues With Plex Trademark in India The Court notes that while Plex has registered trademarks in several jurisdictions, those locations do not include India. The Court adds that when the ZEEPLEX service was announced in September, Plex had applied for but not obtained a trademark registration. However, after the announcement, Plex reportedly went to the registry to make an amendment that indicated that it was proposed to be used back in 2008. “In other words, until it moved the amendment application, its own case in the registry was that at least in India, its mark was not in use, but only had a proposed or anticipated user,” the order notes. Judge Apparently Irritated By Last Minute Injunction Demands While the Court heard the matter in advance of the ZEEPLEX service’s launch, the judge appears to be irritated by companies in intellectual property disputes expecting courts to deal with their cases quickly and at the expense of other matters. “[I] have said this before — that parties in IPR matters cannot expect Courts to push aside all other cases. This happens repeatedly, whether it is movie releases or otherwise. It must stop,” the judge writes in his order. “It is unfair to courts and it is unfair to other litigants waiting their turn. Where a plaintiff has had enough notice and yet chooses to move at the eleventh hour — and makes no allowance at all for any adjustment that may be required — the plaintiff must be prepared to face the consequences.” Plex Injunction Application Fails At This Stage In considering whether to grant an early injunction, the Court weighed several factors but ultimately sided with Zee Entertainment. According to the judge, Plex has no prima facie case, cannot show anticipated injury, and its userbase in India is too small to show that Zee tried to pass off its new channel as being in association with Plex. “The grant of the injunction Plex seeks would, on the other, cause immense and immediate financial loss and harm to Zee. Consequently, I find no reason to grant an ad interim injunction in this passing off action,” the order concludes. While Plex didn’t immediately get the result it had hoped for, the matter isn’t completely over yet. Plex has been granted leave to amend and will be hoping for a different result. The order handed down by the High Court of Bombay can be found here (pdf) Source: TorrentFreak
  10. The company behind the war drama film The Outpost has filed a mass copyright infringement lawsuit in Canada. The statement of claim targets 841 'Doe' defendants who allegedly downloaded and shared the movie, demanding an injunction plus damages under the Copyright Act. The claim states that all defendants ignored two warnings to cease and desist. Mass lawsuits targeting Internet subscribers who allegedly downloaded and/or shared copyrighted material have been a common tactic for content companies over more than 15 years. The targets are nearly always BitTorrent users since without using a decent VPN, they are easy prey for anti-piracy companies. The practice is widespread in the United States and in many countries across Europe but Canada is also popular with mass litigants, who are often labeled ‘copyright trolls’ due to their tactics. Statement of Claim Filed in Federal Court of Toronto Filed on September 23 by Outpost Productions, Inc., the action targets 841 IP addresses allocated to the same number of ‘Doe’ defendants, none of whom are currently known by name to the plaintiffs. It’s alleged that each person downloaded and/or uploaded the 2020 war drama movie ‘The Outpost’ in breach of copyright law. According to the claim, the defendants shouldn’t be surprised that they are being targeted. After their infringement was detected on BitTorrent networks, they were each sent a notice via their ISPs informing them that they had been observed online sharing the movie. If they stopped at that point, no further action would be taken, they were told. No Defendants Responded or Took the Advice to Stop After the first notices were sent out, an anti-piracy company working on behalf of Outpost Productions continued to monitor BitTorrent swarms sharing the movie. During this period, it was possible to determine that the 841 IP addresses listed in the claim were still downloading and/or sharing the content days and in some cases weeks later. As a result, they were sent a second notice, again via their ISP. “As a result of each Defendant’s failure to respond to the First Notice and his or her continuation of the Unlawful Acts, a second notice..was sent to the Defendant by Counsel for the Plaintiff after the forensic software detected that the same IP address was offering for upload the same work,” the plaintiffs write. “This Second Notice indicated that the work had not been removed and that legal action may be taken as against such Defendant. The Defendant failed or refused to respond to the Second Notice and continued his or her Unlawful Acts.” The claim notes that it is illegal under the Copyright Act to make content available for download, advertise a work for download, and illegal not to take “reasonable, or any, steps” to ensure that the person downloading the work is authorized to do so by law. ISPs Log IP Addresses By Time and Date At this stage the true identities of the Does are not known by the plaintiffs but the claim notes that their respective ISPs carry time and date logs that allow them to correlate an IP address to the identity of a specific customer. “The ‘customer’ may be the infringer of copyright, in particular if the assigned IP address is only used by a single device,” the claim adds, cautiously. However, even if the IP address is shared with multiple devices, the customer “should have, and ought to have, the knowledge of who was using the customer’s internet account at the specifically identified date and time.” While the plaintiffs believe that it will be possible to trace an IP address to an ISP customer, they further note that “further examination of the customer” may be necessary. Identifying Who Actually Infringed is More Difficult Households with an ISP connection often have several users, each doing their own thing on their own devices. This can cause problems when trying to pin a specific act on an individual using the same IP address as everyone else. This eventuality is tackled in the claim by holding the person who pays the bill responsible for the actions of everyone else. “(s)ome of the Defendants may not be the direct infringer, but through negligence or wilful blindness has authorized others to do the foregoing acts, including the Unlawful Acts. In this regard, the Plaintiff pleads that each Defendant possessed sufficient control over the use of his or her internet account and associated computers and internet devices such that he or she authorized, sanctioned, approved or countenanced the infringements…,” the claim adds. There are 841 IP addresses listed in the lawsuit and while we haven’t researched every single one, a random sample of around 100 reveals that the addresses are registered to well known Canadian ISPs including Bell, Eastlink, Rogers, SaskTel, TekSavvy, and Telus Communications. Claim for Injunction and Damages The main goal in this and all similar claims is for the plaintiffs to receive financial compensation for the alleged actions of the infringers while preventing any infringement from continuing. In respect of the former, that can only be achieved once alleged infringers have been identified by their ISPs. That is usually achieved via a so-called Norwich Order, which allows plaintiffs to bring an action against an innocent third-party (in this case ISPs) tied up in some wrongdoing to compel them to participate in a discovery process, i.e matching IP addresses to names and addresses, before handing those lists to the plaintiff. Historically, TekSavvy is the most obvious ISP when it comes to the possibility of protecting its customers from being identified but whether it will put up a fight in this matter is currently unknown. While the plaintiffs urge the court to prevent the defendants from continuing to infringe, the Doe defendants are being sent a copy of the case by the court, advising them that if they do want to put up a defense, they must do so within 30 days of receiving the claim. This and Earlier Cases Linked to Millenium Media As reported in February, more than 3,300 defendants are being targeted in similar actions brought by companies behind the movies Angel Has Fallen and Rambo: Last Blood. In common with The Outpost, all entities are directly connected to Millenium Media, whose affiliates sued and then reached a settlement with torrent site YTS. Part of that settlement involved YTS handing over user data to the companies in question, something that is now resulting in alleged pirates being sued in the United States. There is currently no suggestion that YTS data is being used in the present action. A copy of the Statement of Claim can be found here (pdf, via Excess Copyright) Source: TorrentFreak
  11. Several movie companies have filed a new lawsuit targeting three users of the popular torrent site YTS. The alleged pirates were identified based on data that was previously provided by the site's operator. The three were initially approached for an out-of-court settlement but, according to the rightsholders, they failed to respond. In recent years, YTS.mx has become one of the most-used torrent sites, serving millions of visitors a day. The site can be used without registering an account. However, those who sign up get some extra features, such as an option to bookmark titles. These added benefits can be handy but a few months ago we learned that having an account also comes with risks. Movie Companies Target YTS site and Users At the start of the year, a group of movie companies filed lawsuits against alleged YTS users. In doing so, they relied on information that appeared to come directly from the YTS user database, including email addresses. The timing of these lawsuits was interesting. The complaints were filed around the same time the alleged operator of YTS signed a settlement deal with the same movie companies, agreeing to pay a substantial settlement fee. We later learned that, in order to resolve the matter, YTS had shared information from its database with the movie outfits. While it was a one-time handover, there was enough information to go after a long list of users. Today we can report on the latest development in this saga. Shared User Data Triggers Settlement Demands As reported earlier, the YTS user data ended up at the makers of films such as “Hellboy” and “Rambo: Last Blood,” and “London has Fallen,” who used it to their advantage. In addition to filing lawsuits, they also approached alleged file-sharers with settlement demands directly. With the threat of potential legal action, several users are likely to pay up. However, not everyone does. A few days ago, a dozen movie companies sued three alleged YTS users who failed to respond to these out-of-court settlement demands. In a complaint filed at a federal court in Colorado, the copyright holders accuse the defendants of sharing pirated copies of titles including Hunter Killer, Rambo V: Last Blood, London Has Fallen, Hellboy, and Mechanic: Resurrection. The legal paperwork identifies the three, who are all Colorado residents, as Stephen Moody, William Nelson, and Ty Tidwell. They all signed up with YTS using email addresses linked to Microsoft, which presumably shared information with the movie companies through a subpoena. “Defendant William Nelson entered the name ‘William Nelson’ and the state ‘Colorado’ when initially registering for his email address ‘[redacted]@hotmail.com’ on September 26, 2000,” the complaint reads, adding that he registered for an account with the YTS website using that same email. The same defendant also used a VPN on several occasions. According to the copyright holders he did so “to conceal his illicit activities,” however, that offered little help. Sued YTS Users Ignored Settlement Demands With the IP-addresses, email addresses, and download records from YTS, paired with information gathered from public torrent trackers, the movie companies reached out to the three men with a settlement offer. We believe that this is similar to the letters we reported on in the past, where a settlement of around $1,000 was proposed. The three defendants didn’t respond to the offer, according to the complaint. “Defendant [name] has ignored repeated communications from Plaintiffs’ counsel requesting him to cease and desist his unlawful activity and pay a portion of Plaintiffs’ damages,” it reads. The three defendants are all accused of direct and contributory copyright infringement by sharing the various films. The movie companies request actual or statutory damages as compensation for the losses they suffered. In addition, the three men also allegedly violated the DMCA by distributing content with altered copyright management information. According to the complaint, distributing files with words like “YTS” added to the title could induce others to pirate these films. For this, the movie companies want to be compensated too. — A copy of the full complaint, filed on behalf of Plaintiffs: Fallen Productions, Hunter Killer Productions, Rambo V Productions, LHF Productions, Millennium Funding, HB Productions, Stoic Productions, Voltage Holdings, Gunfighter Productions, SF Film, Definition Delaware, and After Productions, is available here (pdf) Source: TorrentFreak
  12. Technology giant Samsung is being sued for $1.3 million by content protection company Verance. According to a lawsuit filed in the US, for two years Samsung failed to pay licensing fees for use of Cinavia, the anti-piracy technology that aims to prevent copied or downloaded content being played on Blu-ray disc players. For at least two decades, entertainment companies have been trying to prevent people from copying commercially produced DVDs and more recently Blu-ray discs. In common with most anti-piracy technologies the protections deployed were eventually circumvented, resulting in copies of every major film and TV show being copied and distributed, either on physical formats or more commonly digitally via the Internet. However, at least one system continues to irritate playback on millions of devices. Cinavia – Making Playback Difficult For (some) Pirates Under development since 1999 albeit under a different name, the anti-piracy protection now known as Cinavia hit the market in 2010. The stated aim of the watermarking technology was to embed special digital markers into audio tracks of movies that could be later detected in order to mitigate piracy. In 2012, Cinavia detection became mandatory in all Blu-ray disc players, meaning that when Cinavia code was found in a copy of a Blu-ray disc or even a movie downloaded from the Internet (Cinavia can survive when a movie is cammed in cinemas), the associated playback device was able to prevent the unauthorized copy from playing. Samsung Sued For $1.3m For Non-Payment of Cinavia Licensing Fees In common with most anti-piracy technologies, the use of Cinavia isn’t free. Companies such as Samsung, LG and Philips, for example, are not only compelled to include Cinavia protection in their hardware players, they must also pay considerable licensing fees to Verance for the privilege. In Samsung’s case, however, it’s now being alleged that the company has stopped doing that. Filed in a New York court by Verance Corporation against South Korea-based Samsung, a new lawsuit claims that in 2011, the companies reached a licensing agreement to have Cinavia technology embedded in Samsung products. Verance claims that Samsung produced over 40 million Blu-ray players containing its technology. From 2011 until 2017, Samsung used Cinavia under the terms of a ‘Preferred Partner Program’ (PPP) which required Samsung to comply with “enhanced technical requirements”. In 2017, however, Verance says that Samsung could no longer comply with these technical conditions so it terminated Samsung’s participation in the PPP and stop waiving certain fees associated with it. After the parties failed to reach an agreement, in April 2017 Verance gave Samsung 90 days notice of its intent not to renew two licensing agreements but said it would continue Samsung’s overall license coverage. Verance also said it would update its license agreements “to address issues” that had arisen since the Cinavia license program had begun several years earlier. According to the lawsuit, however, Samsung never signed those agreements and didn’t pay any licensing fees for the seven million products it shipped containing Cinavia between July 2017 and September 2019. In response, Verance invoiced Samsung for the outstanding fees but Samsung refused to settle the bill. Samsung Owes Verance $1 Million in Licensing Fees The amount on the invoice is significant. Alleging breach of contract, Verance claims that Samsung owes $1,010,737.65 in licensing fees for the use of Cinavia in its products. On top, the company claims that it is entitled to collect late fees of 1.5% per month, totaling $299,267 as of June 30, 2020. “Verance has been damaged by Samsung’s refusal to pay the licensing fees and the late fees. In addition to its damages, Verance also is entitled to recover its reasonable attorney’s fees and other costs incurred in connection with this action,” the complaint reads. A second count of ‘unjust enrichment’ has Verance claiming that by failing to pay the appropriate licensing fees for its mandatory DRM product, Samsung was enriched at the content protection company’s expense. “It is against equity and good conscience to permit Samsung to retain the amounts Verance is seeking to recover,” the company writes. The Slow Death of Blu-ray, The Rise of Streaming In February 2019, it was reported that Samsung was beginning a withdrawal from the Blu-ray player market. “Samsung will no longer introduce new Blu-ray or 4K Blu-ray player models in the US market,” a Samsung spokesperson told CNET. In March this year, the MPA’s THEME Report, an analysis of the theatrical and home/mobile entertainment market environment, revealed that physical products (DVD/Blu-ray) accounted for just 10% of the market in 2019 at $10.1 billion, down 22% from 2018’s $12.4 billion total. Meanwhile, streaming service subscriptions increased 28%, reaching 863 million subscribers worldwide. With the Demise of Blu-Ray Players Comes a Lack of Control With millions of consumers now moving away from hardware players, Cinavia is arguably less relevant than it once was. While it is mandatory in Blu-ray players, that is not the direction the market is heading. Furthermore, software video players tend not to detect Cinavia so for most pirates the technology doesn’t affect their consumption habits. However, Cinavia still exists in Blu-ray players including those in consoles, something that causes a steady stream of complaints from those trying to play pirated copies. The big question, however, is when the Blu-ray player will be completely discarded as another technological relic – and Cinavia with it. A copy of the lawsuit filed by Verance against Samsung can be found here (pdf) Source: TorrentFreak
  13. A class-action lawsuit, filed against YouTube by Grammy award-winning musician Maria Schneider and Pirate Monitor Ltd, has taken an unexpected turn. According to YouTube, Pirate Monitor first used bogus accounts to upload its own videos. It then filed DMCA notices to have the same content removed in a ploy to gain fraudulent access to Content ID management tools. Early July, Grammy award-winning musician Maria Schneider teamed up with Virgin Islands-based Pirate Monitor Ltd in a class action lawsuit targeting YouTube. Filed in a California court, the complaint centered on YouTube’s alleged copyright failures, including the company’s refusal to allow “ordinary creators” to have access to its copyright management tools known as Content ID. “Denied Any Meaningful Opportunity” to Prevent Infringement Painting YouTube as a platform designed from the ground up to attract and monetize piracy, the action contained a barrage of additional accusations, including that the mere existence of Content ID, through which creators can be compensated for otherwise infringing uploads, means that most infringement is shielded from YouTube’s repeat infringer policy. Schneider informed the court that a number of her songs had been posted to YouTube without her permission, noting that she had twice been refused access to Content ID and the “automatic and preemptive blocking” mechanisms that are available to larger rightsholders. For its part, Pirate Monitor Ltd claimed that its content, including the movie Immigrants – Jóska menni Amerika, was illegally uploaded to YouTube hundreds of times. The company said that while YouTube responded to takedown notices, they often took too long to process. Access to YouTube’s Content ID system was denied, Pirate Monitor added. YouTube Responds to Complaint, Files Counterclaims Much like the beginning of the complaint itself, YouTube and owner Google’s response begins in familiar fashion. The company denies that it encourages infringement, instead noting that it goes “far above and beyond” its legal obligations when assisting copyright holders to protect their rights, including by investing more than $100m in Content ID. Of course, this complaint largely revolves around YouTube denying the plaintiffs’ access to Content ID but to that allegation, the company has a set of simple and apparently devastating response points. Firstly, Pirate Monitor Ltd cannot be trusted since it has already engaged in fraudulent behavior in respect of Content ID. As for Schneider, not only is she suing YouTube over copyrighted music that she and her agents have already granted YouTube a license to use, her own agent has also used Content ID to generate revenue from those works on her behalf. Pirate Monitor Uploaded its Own Content Using Bogus Accounts While the claim that Schneider licensed her content to YouTube and made money through Content ID is surprising, that pales into insignificance when compared to the allegations against Pirate Monitor Ltd. During the fall of 2019, YouTube says that Pirate Monitor through its authorized agents created a series of accounts on YouTube using bogus account registration information to hide the relationship between the account creators and Pirate Monitor. These accounts were subsequently used to upload “hundreds of videos” to YouTube. These included clips from exactly the same works that Pirate Monitor accuses YouTube of infringing in its complaint – the films Csak szex és más semi and Zimmer Feri. “Each time these videos were uploaded, Pirate Monitor was representing and warranting that the video did not infringe anyone’s copyrights, and it expressly granted YouTube a license to display, reproduce, and otherwise use the videos in connection with the service. Pirate Monitor also represented that it owned or had the rights to upload and license the material contained in the videos,” YouTube’s answer reads. Shortly after, YouTube notes, Pirate Monitor followed up by sending “hundreds” of DMCA takedown notices targeting many of the videos it had uploaded through the disguised accounts. “In those notices, Pirate Monitor represented that the videos that were the subject of the notices — videos that it had uploaded — infringed its copyrights or the copyrights of a party whom Pirate Monitor was authorized to represent. YouTube processed the substantial volume of DMCA takedown requests and removed the videos,” YouTube adds. YouTube Backs Pirate Monitor Into a Corner As noted in YouTube’s answer, Pirate Monitor’s representations over the status of these videos cannot be correct in both instances. At the point of upload the company told YouTube that it had the right to upload the videos since they infringed nobody’s rights. If those declarations were untrue, the company breached the ToS agreement and “perpetrated a fraud on YouTube” by uploading infringing content. On the other hand, if it did have permission to upload the content, then Pirate Monitor knowingly made false statements to YouTube when it submitted DMCA takedown notices clearly stating that the uploads were infringing. The big question, then, is why Pirate Monitor engaged in this alleged conduct at all. YouTube: Pirate Monitor Wanted Access to Content ID According to YouTube, Pirate Monitor had previously applied for access to the Content ID program. However, the company was denied on the basis that it was required to demonstrate a valid need and have a “track record” of properly using the DMCA takedown process. YouTube believes that since Pirate Monitor was lacking these qualities, it cooked up a scheme to convince the video platform that it fulfilled the criteria. “Pirate Monitor believed that it could demonstrate both the need for access, and a track record of valid DMCA takedown requests, by surreptitiously uploading a substantial volume of content through accounts seemingly unconnected to it, and then sending DMCA takedown requests for that same content,” YouTube says. “Instead of showing that it could properly use YouTube’s tools, Pirate Monitor’s deceptive and unlawful tactics established that it could not be trusted, and that YouTube was right in rejecting its request for access.” YouTube’s Counterclaims As a result of Pirate Monitor’s actions, YouTube says that there has been a breach of contract. The company and its agents failed to provide accurate information during the account creation process and seems to have uploaded videos to YouTube that infringed third-party copyrights. All of this cost YouTube time and money, including investigating and processing Pirate Monitor’s claims that the content was infringing. Furthermore, YouTube notes that in its agreement with Pirate Monitor, the company is obliged to “indemnify YouTube for claims rising out of or relating to its use of the YouTube service. “In seeking defense costs and any potential liability in this action as damages for Pirate Monitor’s contract breaches, YouTube expressly preserves its separate entitlement to contractual indemnity and will amend its counterclaims to add a claim for that indemnity if Pirate Monitor refuses to honor its indemnity obligation,” the video platform writes. YouTube further alleges fraud in respect of more than a dozen accounts Pirate Monitor created for the purposes of uploading around 2,000 videos. Taking the statements in the subsequent DMCA takedown notices sent by the company as accurate, YouTube says that Pirate Monitor agreed not to upload infringing content but did anyway, each time declaring that it had the necessary rights to the content being uploaded. As an alternative, YouTube offers similar counterclaims in the event that Pirate Monitor actually had permission to upload the videos but abused the DMCA by issuing fraudulent takedown notices instead. Request for Injunction and Damages In addition to requesting damages to compensate for the harm caused by Pirate Monitor’s actions, YouTube demands a punitive damages award to compensate for its “fraudulent conduct”. The video platform also seeks an injunction barring Pirate Monitor and its agents from submitting any further DMCA notices that wrongfully claim that material on the YouTube service infringes copyrights held (or are claimed to be held) by Pirate Monitor or anyone it claims to represent. YouTube and Google’s Answer and Counterclaims can be found here (pdf) Source: TorrentFreak
  14. Facebook is being sued by an Instagram user who claims the social media giant spied on users through their iPhone cameras. Brittany Conditi, who filed the lawsuit, said Facebook accessed Instagram users’ cameras even when they weren’t taking pictures or videos. Users first noticed a green FaceTime symbol appear on their phones when they were scrolling through their Instagram news feeds in July. Facebook has denied spying, and blamed a bug. Facebook is being sued over claims it spied on Instagram users through their iPhone cameras. The social-media giant has denied the claims, and blamed a bug that it said triggered false notifications that Instagram was accessing iPhone cameras. In July, users noticed that a green FaceTime symbol was showing up when they scrolled through their Instagram feed, per the Independent. The symbol appears on iPhones when the camera is on. The lawsuit, filed on Thursday by Instagram user Brittany Conditi, claims that Facebook's intentional access of the camera allows the app to collect "lucrative and valuable data on its users that it would not otherwise have access to," Bloomberg reported. Instagram and Facebook can collect "valuable insights and market research" by "obtaining extremely private and intimate personal data on their users, including in the privacy of their own homes," the complaint says. Conditi filed the lawsuit in a San Francisco federal court. Facebook did not immediately respond for a comment when contacted by Business Insider. The accusation follows allegations that Facebook illegally holds more than 100 million Instagram users' biometric data. The social media company offered to pay $650 million in July to settle a lawsuit that accused it of collecting data through the photo-tagging tool available on the app. In November, users accused Facebook of accessing iPhone cameras through the Facebook app. A Facebook spokesperson told CNN that the bug was "inadvertently introduced" and promised to fix the issue. Source
  15. Alphabet Inc.'s Google faces a multibillion-dollar lawsuit in Britain over claims that YouTube routinely breaks privacy laws by tracking children online. The suit, filed on behalf of more than five million British children under 13 and their parents, is being brought by privacy campaigner Duncan McCann and being supported by Foxglove, a tech justice group. The claimants estimate that if they’re successful, there would be as much as $3.2 billion (2.5 billion pounds) in compensation, worth 100 to 500 pounds per child. The filing alleges that YouTube's methods of targeting underage audiences constitute "major breaches" of U.K. and European privacy and data rules designed to protect citizens' control over their own private information. YouTube has "systematically broken these laws by harvesting children's data without obtaining prior parental consent," it alleges. A spokesperson for YouTube declined to comment on the lawsuit Monday but added that the video streaming service isn't designed for users under the age of 13. "We launched the YouTube Kids app as a dedicated destination for kids and are always working to better protect kids and families on YouTube," the company said in an emailed statement. Privacy watchdogs have in recent months turned their attention more closely to the protection of children’s data, with regulators in Ireland looking to clarify the rights of children under the European Union’s strict data protection rules, and the U.K.'s information commissioner publishing a code of practice with specific standards for online services to follow. ByteDance Ltd.'s social media app TikTok has in recent months also come under scrutiny by several EU data watchdogs over its processing of children's data. It’s the first class-action suit in Europe brought against a tech firm on behalf of children, according to the claimants. The legal action is being backed by Vannin Capital, a global litigation funder. “The cost of YouTube’s so-called free service is kids that are addicted to online content and influenced by large tech companies that have stolen their privacy,” said Cori Crider, director of Foxglove. “Google won’t clean up its act until it’s forced to do so by the courts.” Source
  16. Internet provider Bright House Networks has countersued several major record labels, alleging that they sent false and deceptive piracy notices to its subscribers. This week, the company asked the court for permission to add the RIAA and its anti-piracy partner MarkMonitor to the suit, as they are central to the wrongful conduct. Last year, a group of major music companies sued Internet provider Bright House Networks, a subsidiary of Charter Communications. The lawsuit claimed that the ISPs failed to terminate repeat infringers. By keeping pirates as customers it violated the DMCA, the music companies alleged. Such claims are not new. The same music companies have sued several ISPs in the past and booked a major victory when a jury ordered Cox to pay a billion dollars in damages for turning a blind eye to piracy on its network. Charter is determined to avoid ending up in a similar position. In March, it denied the copyright infringement allegations in court while striking back with some accusations against the record labels. According to Charter, the companies abused the DMCA by sending “false” and “deceptive” piracy notices. These counterclaims were filed against the same music companies that sued Bright House. However, in a new filing this week, the ISP informs the Florida Federal Court that it would like to add two new defendants to the suit. RIAA and MarkMonitor Played a Central Role Bright House explains that the music industry group RIAA and its anti-piracy partner MarkMonitor are also to blame. The RIAA was responsible for sending the piracy notices that were sent by and based on evidence provided by MarkMonitor. “The RIAA and MarkMonitor are central to Plaintiffs’ wrongful conduct,” Bright House informs the court. “Bright House received copyright infringement notices containing material misrepresentations from the RIAA, purporting to assert the rights of Plaintiffs but sent by MarkMonitor.” Normally, it wouldn’t be a problem for Bright House to add new defendants to its counterclaim. However, in this case, the officially scheduled deadline to do so has passed. This is why the company is requesting explicit permission to add the new parties. This delayed request is justified, the ISP argues, because the originally scheduled deadline passed before it had the chance to add the new parties. A copy of the proposed amended complaint, filed yesterday, shows that Bright House accuses the RIAA and MarkMonitor of committing the same offenses as the record labels that were sued. Violating the DMCA First, Bright House accuses all companies of violating the DMCA by knowingly sending inaccurate piracy notices. This includes sending notices for musical works that they allegedly don’t own or have the rights to. In addition, the notices themselves are sometimes based on unconfirmed evidence. “Upon information and belief, Plaintiffs, the RIAA, and MarkMonitor, routinely fail to confirm that the files identified by MarkMonitor as allegedly infringing are in fact copies of the works asserted before notices are sent to ISPs, like Bright House,” the complaint reads. Among other things, the ISP cites an academic study from Jennifer Urban and colleagues, which found that MarkMonitor occasionally makes mistakes. While that study was focused on web takedowns, not P2P infringements, the conclusions are not in favor of the RIAA’s anti-piracy partner. For example, MarkMonitor was found to send takedown notices to Google which flagged sites that had been dead for over a year. In addition, not all identified URLs matched with the allegedly pirated material. “The Urban Study also discussed specific instances in which notices sent by MarkMonitor were ‘clear mismatches’ between the allegedly infringed work and the online content that was allegedly infringing,” the complaint adds. Deceptive and Unfair Trade Practices The second claim against the companies accuses them of violating Florida’s Deceptive and Unfair Trade Practices Act. Specifically, Bright House accuses them of “knowingly or recklessly sending, and causing to be sent, false, deceptive, and misleading copyright infringement notices” for works they didn’t own or have the rights to. Before the court reviews any of these claims against the RIAA and MarkMonitor, it first has to decide whether the counterclaim can be amended to include the new defendants. If it’s accepted, the RIAA and MarkMonitor will get the opportunity to have their say as well. — A copy of the proposed amended counterclaims to the amended complaint is available here (pdf) Source: TorrentFreak
  17. The potential class action says Apple is enabling gambling. Most complaints about loot boxes (aka “surprise mechanics”) in games are levelled against the developers, but the latest is aiming at the stores offering those games. AppleInsider has learned of a potential class action lawsuit accusing Apple of profiting from the distribution of games with loot boxes, whose gambling element allegedly violates California law. The company is tacitly aware that loot boxes are gambling as it requires that creators disclose the “odds of winning,” according to the lawsuit, but it doesn’t ask for a notification that loot boxes exist. Companies are also allowed to set their own age ratings, making it possible for an app deemed kid-friendly to include gambling elements. The lawsuit cites numerous games that rely on loot boxes (if sometimes indirectly), including Mario Kart Tour, FIFA Soccer, Roblox and Brawl Stars. The lawsuit was filed by Rebecca Taylor, a parent whose child has allegedly fallen to the “predatory” tactics. The lawsuit isn’t guaranteed to get class action status. However, it steps up the pressure on Apple and other digital game sellers to clearly disclose the presence of loot boxes. There have already been efforts to regulate the games, and lawsuits like this could increase calls to regulate the stores as well. Source
  18. (Reuters) - Google was sued on Tuesday in a proposed class action accusing the internet search company of illegally invading the privacy of millions of users by pervasively tracking their internet use through browsers set in “private” mode. The lawsuit seeks at least $5 billion, accusing the Alphabet Inc unit of surreptitiously collecting information about what people view online and where they browse, despite their using what Google calls Incognito mode. According to the complaint filed in the federal court in San Jose, California, Google gathers data through Google Analytics, Google Ad Manager and other applications and website plug-ins, including smartphone apps, regardless of whether users click on Google-supported ads. This helps Google learn about users’ friends, hobbies, favorite foods, shopping habits, and even the “most intimate and potentially embarrassing things” they search for online, the complaint said. Google “cannot continue to engage in the covert and unauthorized data collection from virtually every American with a computer or phone,” the complaint said. Jose Castaneda, a Google spokesman, said the Mountain View, California-based company will defend itself vigorously against the claims. “As we clearly state each time you open a new incognito tab, websites might be able to collect information about your browsing activity,” he said. While users may view private browsing as a safe haven from watchful eyes, computer security researchers have long raised concern that Google and rivals might augment user profiles by tracking people’s identities across different browsing modes, combining data from private and ordinary internet surfing. The complaint said the proposed class likely includes “millions” of Google users who since June 1, 2016 browsed the internet in “private” mode. It seeks at least $5,000 of damages per user for violations of federal wiretapping and California privacy laws. Boies Schiller & Flexner represents the plaintiffs Chasom Brown, Maria Nguyen and William Byatt. The case is Brown et al v Google LLC et al, U.S. District Court, Northern District of California, No. 20-03664. Source
  19. Ubisoft takes Rainbow Six Siege's top DDoS attackers to court. What you need to know Ubisoft has targeted individuals behind third-party Rainbow Six Siege distributed denial-of-service (DDoS) services in a new lawsuit. The lawsuit claims the subscription services "are continuing to cause, serious and irreparable harm to Ubisoft," amid ongoing efforts to tackle cheaters in the tactical shooter. It follows a prior initiative from Ubisoft, outlining gameplay, technical, and legal action, resulting in a 93 percent drop in DDoS attacks. Tom Clancy's Rainbow Six Siege witnessed an uptick in network attacks throughout 2019, infamously marring the release of the Operation Ember Rise expansion with denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks. Flooding servers with requests with the aim of overload, it set to manipulate the game's skill-based ranking system, with a significant upset to the game's tactical multiplayer. The prevalence of attacks saw fast action from Ubisoft, outlining planned gameplay, technical, and legal crackdowns to combat the attacks. Those efforts eventually aided the 93 percent drop in DDoS activity, hugely reducing the presence across Rainbow Six Siege. And with a new lawsuit filed by Ubisoft, we're seeing legal action targeting individuals allegedly tied to third-party DDoS services. Court documents obtained by Polygon target several individuals behind "SNG.ONE," a website that sells DDoS subscriptions. With tiered memberships, their website reportedly allows individuals to easily target Rainbow Six Siege services, alongside other top titles like Fortnite, Call of Duty, and FIFA. Ubisoft reportedly looks to see the services shut down while granting damages and fees. "The DDoS Services represent an enormous threat to R6S and Ubisoft. The DDoS Services have caused, and are continuing to cause, serious and irreparable harm to Ubisoft, its valuable player community, and its business interests," the document claims. "Defendants are well aware of the harm that the DDoS Services and DDoS Attacks cause to Ubisoft. Indeed, Defendants have gone out of their way to taunt and attempt to embarrass Ubisoft for the damage its services have caused to R6S. For example, a Twitter account operated by one or more of Defendants has repeatedly mocked Ubisoft's security efforts, including Ubisoft's efforts to ban individuals utilizing Defendants' DDoS Services." The lawsuit also claims that defendants published a fictional seizure noticed on a website, in an effort to "hastily sought to conceal evidence." The lawsuit follows various efforts to combat player frustration in Rainbow Six Siege, tackling hacking, boosting, exploits, and more throughout 2019. Legal action marks the latest step in this initiative, as Rainbow Six Siege prepares for the Year 5 kick-off in February. Source
  20. Twenty-two women have won $12.75 million in a years-long lawsuit alleging a predatory scheme by GirlsDoPorn, a site that hosts purportedly one-time pornographic videos featuring “amateur” college-age women and teen girls. The women provided evidence that the company lured them into shoots under false pretenses, intimidated and coerced them into performing, and shared the images online without their consent. They sued a total of 13 affiliated businesses and individuals, including owner Michael Pratt, actor Andre Garcia, and videographer Matthew Wolfe. Screenshot: Michael Pratt, owner of GirlsDoPorn In a four-month trial, anonymous women testified that GirlsDoPorn flew them to San Diego hotels for “modeling” gigs. After they arrived, they said, the group gave them drugs and alcohol and hurried them to sign opaquely-worded contracts without telling them the name of their site, promising them that their videos would only be distributed on DVDs to private clients in New Zealand and Australia. Within weeks, clips appeared on the GirlsDoPorn homepage and sites like PornHub, and they were doxxed. The plaintiffs believe, in part, that the site itself helped disseminate their identities to acquaintances, employers, friends, and family in order to help the video go viral; GirlsDoPorn owner Michael J. Pratt briefly owned PornWikiLeaks, where their information was posted. Several testified that they’d asked to stop mid-shoot and were refused. One defendant alleged that she’d asked not to go through with the shoot at all, but the company threatened to withhold her hotel reservation and plane ticket home, knowing she couldn’t afford to pay for them herself. In October of last year, the Daily Beast reported on a motion in which their attorney claimed to have interviewed 100 women with similar stories of fraud and coercion by GirlsDoPorn, and over a dozen accused actor Andre Garcia of sexual assault. The parties stipulated that the company made over $1 million on the performers’ collective work. The company concealed their assets, and Pratt, who collects 100% of the profits from GirlsDoPorn, filed for bankruptcy; in a profile, the Daily Beast quoted texts submitted in evidence, saying: “As soon as I bankrupt the business...they [the plaintiffs] are f###d.” As Courthouse News reported in October of last year, at least one woman testified that she was paid half of the promised $5,000 because she “looked old.” She was 22 at the time of filming. In the verdict, San Diego Superior Court Judge Kevin Enright wrote that the contracts were “invalid and unenforceable–part and parcel of Defendants’ fraudulent scheme.” Enright found clear and convincing evidence that the syndicate acted in malice, oppression or fraud, writing: “Collectively, they have experienced severe harassment, emotional and psychological trauma, and reputational harm; lost jobs, academic and professional opportunities, and family and personal relationships; and had their lives derailed and uprooted. They have become pariahs in their communities. Several Plaintiffs have become suicidal.” GirlsDoPorn continued to show total indifference throughout the trial, even uploading a new video involving one Jane Doe who claimed that she was not made aware of the lawsuit when she shot the video in August. The women won a total of $9.45 million in compensatory damages, $3.3 million in punitive damages, and copyrights to their videos. GirlsDoPorn has been ordered to remove their videos from the internet. Pratt has fled the country and has been charged with additional counts of producing child pornography and child sex trafficking for coercing a 16-year-old into producing a video despite full knowledge of her age. The site is, unfortunately, still live. Source
  21. MOSCOW (Reuters) - A Russian court has blocked access to English Premier League game broadcasts by Amazon’s Twitch after Russia’s Rambler media group said it would sue the video streaming service over pirate broadcasts, the TASS news agency reported. Rambler plans to sue Twitch for 180 billion roubles ($2.82 billion) in a Russian court for what it said were 36,000 cases in which Twitch had violated its rights to broadcast the soccer games, the Kommersant newspaper reported earlier on Monday. The Moscow District Court said it planned to hear the case on Dec. 20. It said it had taken “interim measures” ahead of the hearing, but gave no further details. Amazon did not immediately reply to a request for comment. Rambler confirmed its plans to sue Twitch for damages and said it was holding talks with the service over a possible settlement deal. “Our suit against Twitch is to defend our exclusive rights to broadcast English Premier League matches and we will continue to actively combat pirate broadcasts,” said Mikhail Gershkovich, head of Rambler Group’s sports projects. “We’re currently holding talks with Twitch to sign a settlement agreement. The service has given us tools to combat pirate broadcasts and we are now only talking about compensation for damages between August and November,” he said. The court said it was unable to comment on the size of the lawsuit. “As regards the sum of the (suit), it was proposed by external lawyers who are running this case. The sum is technical and the maximum possible. It will be altered,” Gershkovich said. Source
  22. LA wants Uber’s location data, but the ride-hailing company says it’s worried about privacy The fight between the city of Los Angeles and scooter companies over location data is heating up. On Monday, Uber filed a lawsuit against LA’s Department of Transportation (LADOT) pushing back against the requirement that scooter operators share anonymized real-time location data with the city. The suit, which was first reported by CNET but has yet to be filed in LA Superior Court, centers on LADOT’s use of a digital tool called the mobility data specification program (MDS). The department created the tool as a way to track and regulate all of the electric scooters that are operating on its streets. MDS provides the city with data on where each bike and scooter trip starts, the route each vehicle takes, and where each trip ends. LADOT has said the data won’t be shared with police without a warrant, won’t contain personal identifiers, and won’t be subject to public records requests. Naturally, MDS has proven controversial with scooter companies, which have balked over having to share location data with the city. It’s growing into a bigger problem beyond LA. Cities such as Columbus, Chattanooga, Omaha, San Jose, Seattle, Austin, and Louisville are demanding scooter companies agree to share data through MDS as a condition for operating on their streets. Uber, which owns the dockless scooter and bike company Jump, said MDS would lead to “an unprecedented level of surveillance” and vowed to stop it. It’s leaning on a recent analysis by California’s Legislative Counsel to make its argument. The counsel said MDS could violate the California Electronic Communications Privacy Act, which was signed into law in 2015. In August, Uber and Lyft sent a letter to California Attorney General Xavier Becerra, in which the companies argued that LADOT was exceeding its authority with MDS. “While we support the creation of a global standard for data-sharing for local municipalities, it appears that certain city MDS requirements may be in violation of CalECPA,” the companies wrote. “We have repeatedly raised concerns directly with these municipalities throughout the development and implementation of MDS, and yet they continue to require the MDS as a condition of our operating permits.” In a statement, Uber said that it has exhausted its options and had “no choice” but to sue the city. A spokesperson for LADOT did not immediately respond to a request for comment. In an interview with The Verge on September 9th, LADOT director Seleta Reynolds said that the city “encoded” privacy protections into the regulations in order to give them “the force of law.” She added that it’s a “Day One job and a forever job” of city officials to make sure that the “open source tools that we build do not become tools that people can use to invade the privacy of others.” Source: Uber sues Los Angeles as the fight over scooter data escalates (via The Verge)
  23. Vimeo is under fire for allegedly collecting and storing users’ facial biometrics in videos and photos without their consent or knowledge. Vimeo, the popular ad-free video platform, is facing a lawsuit that alleges it stored people’s facial biometrics without their consent or knowledge. The lawsuit, which was filed on Sept. 20, claims Vimeo violated the Illinois Biometrics Information Privacy Act (BIPA). This is a law that imposes requirements on businesses that collect or otherwise obtain biometric information, including fingerprints, retina scans and facial recognition scans. “In direct violation of the BIPA, Vimeo is actively collecting, storing and using—without providing notice, obtaining informed written consent or publishing data retention policies—the biometrics of thousands of unwitting individuals throughout the country whose faces appear in photographs and/or videos uploaded to the Magisto ‘smart video editor’ application in Illinois,” according to the lawsuit. Vimeo did not immediately respond to a request for comment from Threatpost. Vimeo’s Magisto application is a short-form video editing platform that was acquired by Vimeo in April 2019, boasting more than 100 million users when acquired. Users can upload videos and pictures to the Magisto platform, and it will then use artificial intelligence-based technology to analyze the footage in order to edit the video. However, in order to perform this visual analysis, the platform has been collecting and storing thousands of “face templates” from users, the lawsuit alleges. These facial templates are “geometric data” of the face taken using facial recognition technology – such as the distance between eyes, nose and ears – which can then be used to store photos and videos for organizational purposes. “Each face template that Vimeo extracts is unique to a particular individual, in the same way that a fingerprint or voiceprint uniquely identifies one and only one person,” according to the lawsuit. The lawsuit was filed on behalf of the lead plaintiff, Illinois resident Bradley Acaley, who in December 2017 downloaded the Magisto app and purchased a one-year subscription to use the app’s Professional Service ($120). He then used the service to upload photos and videos of himself and his family (including his minor children) until December 2018, when his subscription expired and he did not renew it. However, Acaley said he can now access the uploaded content and claimed that Vimeo is collecting and storing his and his family’s facial biometrics data – which he claimed was used to recognize his gender, race, age and location. Acaley argued that Vimeo did not ask for his permission to collect unique biometric identifiers, and also did not give him an opportunity to prohibit the storage of such data. The lawsuit seeks to prevent Vimeo from further violating the privacy rights of Magisto users, and to “recover statutory damages for Vimeo’s unauthorized collection, storage and use of these individuals’ biometrics in violation of the BIPA.” The Illinois Biometrics Information Privacy Act Vimeo is only the latest company to be dinged as part of the Illinois BIPA. Facebook is also wrapped up in an ongoing U.S. lawsuit, which alleges that the social-media giant illegally collected biometric data for millions of users without their consent, utilizing facial recognition technology. Facial recognition is already actively used by police forces and even at the White House. And it’s not just the U.S; biometrics are spreading worldwide. The EU in April approved a massive biometrics database that combines data from law enforcement, border patrol and more for both EU and non-EU citizens. The lawsuit also comes as concern around biometrics privacy continues to make the news, with biometrics security company Suprema and the U.S. Customs and Border Protection both recently suffering data-leak incidents. Source
  24. The chip makers claims TSMC violates its patents. The competition between semiconductor giants is getting ugly, and it could have an unfortunate impact on many of the devices you buy. GlobalFoundries has sued the Taiwanese firm TSMC for allegedly violating 16 patents tied to its chip production business, including ones for semiconductor interconnects and the common FinFET design used in newer processors. The multiple lawsuits (plus complaints at the US International Trade Commission) claim 20 tech companies are infringing on its concepts, and they're definitely names you'll recognize. Apple, ASUS, Google, Lenovo, NVIDIA, OnePlus and Qualcomm are all accused of treading on GlobalFoundries' technology, although Moor Insights' Patrick Moorhead believed their inclusion was mainly meant as leverage against TSMC. The consequences could still be serious. In one of the ITC complaints, GlobalFoundries called for import bans on many of Apple's devices with mobile chips, including the iPhone XS, AirPods, Apple Watch Series 4 and Apple TV 4K. It would still be highly damaging for others. NVIDIA's GPU business revolves heavily around assembly at TSMC, for instance, such as the 12-nanometer chips at the heart of the GeForce RTX line. If GlobalFoundries prevailed, these companies might have no choice but to halt sales, at least until they find alternative production channels. In explaining the lawsuit, GlobalFoundries played heavily on the nationalism fueling the current trade war between the US and China. It characterized the lawsuits as "protecting" investments in US and European chip production while portraying TSMC as part of manufacturing's "shift to Asia." It also claimed that the suits would ensure a "competitive industry" for its customers. The reality may be more complicated. While it's true that TSMC is a dominant force in chipmaking with responsibilities for nearly half of all outsourced chip production, GlobalFoundries also bowed out of developing chips at 7nm and smaller processes. It effectively ceded competition in that space to rivals like TSMC with claims that it couldn't afford to spend the billions of dollars needed to keep up. It's not clear if a successful fight with TSMC would be enough to restart those efforts. As with some similarly broad legal battles, this may be as much about using patents as another source of income as it is a dispute over intellectual property. Source
  25. Capital One and GitHub have been hit with a class-action lawsuit over the recent data breach that resulted in the data of over 100 million Capital One customers being exposed. The law firm Tycko & Zavareei LLP filed the lawsuit on Thursday, arguing that GitHub and Capital One demonstrated negligence in their response to the breach. The firm filed the class-action complaint on behalf of those impacted by the breach, alleging that both companies failed to protect customer data. Personal information for tens of millions of customers was exposed after a firewall misconfiguration in an Amazon cloud storage service used by Capital One was exploited. The breach exposed around 140,000 Social Security numbers and 80,000 bank account numbers, along with the credit card applications of millions in both the U.S. and Canada. The individual who allegedly perpetrated the data breach, Seattle-based software engineer Paige Thompson, was arrested earlier this week. Thompson, a former Amazon employee, allegedly accessed the data in March and posted about her theft of the information on GitHub in April, according to the complaint. Another GitHub user notified Capital One, which subsequently notified the FBI. “As a result of GitHub’s failure to monitor, remove, or otherwise recognize and act upon obviously-hacked data that was displayed, disclosed, and used on or by GitHub and its website, the Personal Information sat on GitHub.com for nearly three months,” the law firm alleged in its complaint against GitHub and Capital One. The firm also alleged that computer logs “demonstrate that Capital One knew or should have known” about the data breach when it occurred in March, and criticized Capital One for not taking action to respond to the breach until last month. The lawsuit comes days after New York Attorney General Letitia James announced that her office is opening an investigation into the breach, and on the heels of another lawsuit being filed by a Connecticut resident in connection to the breach on behalf of all those impacted. Republican leaders of the House Oversight and Reform Committee are also demanding answers from Capital One and Amazon about the breach, and the Senate Banking Committee is likely to look into the incident once Congress returns from the August recess. Source
×
×
  • Create New...