• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

The U.S. Department of Defense Hit With $4.9B Lawsuit Over Data Breach

October 17, 2011

Views: 11,851

We haven’t published anything about the Defense Department for a while, the last news really was the whole RSA SecurID thing which affected some of the US DoD sub-contractors.

The latest news is they’ve been hit with a colossal lawsuit of almost $5 Billion! The lawsuit is regarding a recent breach involving a healthcare system for military personnel and their families.

It’s a pretty heavy suit, claiming $1000 for each of the 4.9 million people affected by the compromise.

The U.S. Department of Defense has been hit with a $4.9 billion lawsuit over a recently disclosed data breach involving TRICARE, a healthcare system for active and retired military personnel and their families.

The lawsuit, filed in federal court in Washington D.C. this week by four people whose data was allegedly compromised, seeks $1000 in damages for each of the 4.9 million individuals affected by the breach.

The suit charges TRICARE, the Department and Defense Secretary Leon Panetta with failing to adequately protect private data and of “intentional, willful and reckless disregard” for patient privacy rights.

TRICARE did not respond immediately to a request for comment. In the complaint, the four plaintiffs faulted TRICARE for failing to properly encrypt the private data in its possession and for taking too long to notify victims of the breach.

The four plaintiffs are Virginia Gaffney, a Hampton, Va.-based individual who described herself in court papers as the spouse of a decorated war veteran; her two children; and Adrienne Taylor, a Glendale, Az. Based Air Force veteran.

It’s an interesting culture the US has, people are always suing each other, bringing up lawsuits with ridiculous amounts and trying to get a free ride out of something that didn’t really affect them adversely.

Seriously, do you really think this data breach affected the plaintiff in any negative manner – I don’t see how it could of to be honest. Either way it’s an interesting case and it could potentially cost the already struggling US government a boatload of money.

TRICARE in September disclosed that sensitive data including Social Security Numbers, names, addresses, phone numbers and personal health data belonging to about 4.9 million active and retired U.S. military personnel may have been compromised after unencrypted backup tapes containing the data went missing.

The information on the tapes was from an electronic healthcare application used to capture patient data. The backup tapes were stolen from the car of an employee at Science Applications International Corp. (SAIC), a TRICARE contractor. The breach affects all those who received care at the military’s San Antonio area military treatment facilities between 1992 and Sept. 7. 2011.

Lawsuits such as this one have become increasingly common in the immediate aftermath of a major data breach.

Earlier this month, for instance, Stanford Hospital and Clinics was hit with a $20 million proposed class action lawsuit for a data breach involving a third-party contractor. And major breaches such as the ones at Heartland Payment Systems, TJX and Hannaford Bros. have all prompted their share of consumer lawsuits charging the companies with negligence, breach of contract and other charges.

In many cases, courts however have tended to dismiss lawsuits in data breach cases. Several courts have held that consumers cannot claim compensatory or punitive damages in data breach cases unless they can demonstrate that they have suffered actual monetary damage as the result of a breach.

The notion that someone might become the victim of ID theft in future because of a data breach cannot be used as a basis for claims, courts have held.

It’s a pretty huge breach seen as though the tapes stolen contained backups with 19 years of data on them, that’s a LOT of data. But then again, like I said above – they are unlikely to get anywhere with this as I don’t think they would have lost any money from this breach.

Once again it was due to a third party contractor being careless – as has been the case many times. And well in this case, if they do get hit with the lawsuit and need to pay out – they should pass it onto the contractor.

Source: Network World

Share
Tweet27
Share11
Buffer
WhatsApp
Email
38 Shares

Filed Under: Legal Issues, Privacy Tagged With: data breach, Privacy



Reader Interactions

Comments

  1. Bogwitch says

    October 17, 2011 at 8:51 pm

    I hear what you’re saying that the contractor is at least partly responsible for the breach but the fact that this quantity of data was being backed up with no apparent encryption means that the DoD was also responsible.
    I have written on my blog about NHS InfoSec being poor in the UK and the withdrawal of funding will exacerbate that immensely. I would be interested to see how the private sector in the UK performs. Unfortunately, the DPA does not have anywhere near the same teeth as HIPAA therefore the incentives to do information protection properly in the UK are greatly reduced.
    The great risk from this exposure is the medical information of current serving forces personnel could, if embarrassing, be used to blackmail for higher protectively marked information.

  2. Z says

    October 17, 2011 at 9:18 pm

    I believe you’re missing the point. The DOD has lost my data on numerous occasions. Some were large corporations, some educational institutions and persons I work with have emailed spreadsheets of personal data to mailing lists unintentionally. Some of the time we receive a notification and on one occasion I received a free years worth of credit reporting.

    The problem is that these companies and individuals have broken contractual and legal obligations to individuals. The unfortunate reality is that these companies and persons continue their work unabated. The only recourse as an individual is a lawsuit. The people outside of the DOD that were harmed by this should consider themselves lucky. Active military service members cannot take legal recourse with some of the parties involved.

    I used to be of the same mindset as you. That Americans were sue happy and that it was unbecoming. Unfortunately due to the way our legal system works lawsuits are the only way a victim is able to bring about justice. The Justice Department should be the ones taking them to court but because it was a large government organization and defense contractor that will never happen.

    Cheers,
    Z

  3. ted says

    October 18, 2011 at 4:05 am

    The federal tort claims act allows monetary recovery against the United States for damages, loss of property, personal injury or death. In seeking recovery, one must show that the damages occurred as a result of the negligent or wrongful acts of government employees acting within the scope of their employment, under circumstances where the United States, if a private person, would be liable to the claimant in accordance with the law of the place where the act or omission occurred.

    http://www.finchmccranie.com/refresher.htm

  4. Darknet says

    October 20, 2011 at 2:26 pm

    Good comments guys thanks, can’t say I’m super enlightened when it comes to the US law or cultures.

  5. Kelly Stevens says

    November 13, 2011 at 8:36 pm

    $1000 is about what it will cost for credit monitoring to assure the lost data isn’t being used. If it is used, the loss to the victim is much higher. How is the plaintiff not being harmed in ant way?

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Views: 488

As threat surfaces grow and attack sophistication increases, many security teams face the same … ...More about Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

Views: 517

With more businesses running Linux in production—whether in bare metal, VMs, or containers—the need … ...More about Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

SUDO_KILLER - Auditing Sudo Configurations for Privilege Escalation Paths

SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Views: 548

sudo is a powerful utility in Unix-like systems that allows permitted users to execute commands with … ...More about SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 424

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 647

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Upload_Bypass - Bypass Upload Restrictions During Penetration Testing

Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Views: 583

Upload_Bypass is a command-line tool that automates discovering and exploiting weak file upload … ...More about Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (228)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (234)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,296,350)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,097)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,631)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,689)
  • Password List Download Best Word List – Most Common Passwords (933,504)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,157)
  • Hack Tools/Exploits (673,297)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,172)

Search

Recent Posts

  • Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance May 16, 2025
  • Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked) May 14, 2025
  • SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths May 12, 2025
  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025
  • Upload_Bypass – Bypass Upload Restrictions During Penetration Testing May 5, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy