From: Mike Simon (msimoncreationlogic.com)
Date: Wed Mar 19 2008 - 19:58:04 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I think you're right in also considering that the product was used
correctly and just not up to the task, which raises an interesting but
possibly off-topic question in my mind. If Rapid7 falsely attributes
the incident to mis-use of their product in a public forum (the press
release), essentially increasing the potential liability of Hannaford,
it seems like Hannaford might have a cause of action against Rapid7.
The cause of action is unrelated to the performance of their product,
which I'm sure is well protected by the license agreement, but instead
related to (potentially) false and (potentially) damaging statements
about Hannaford's security practices.

It seems to me that the statement in the revised press release has no
real upside for Rapid7 true _or_ false. As someone stated earlier in
this thread, they should have withdrawn the press release from their
web site and taken their lumps.

I'm certainly not a lawyer, and have NO knowledge of the incident,
truthfulness of the subsequent Rapid7 disclaimers or really anything
at all. This is intended as a discussion of hypothetical outcomes.

Mike

On Wed, Mar 19, 2008 at 5:40 PM, Jamie C. Pole <jpolejcpa.com> wrote:
>
> Let's also consider the possibility the Hannaford WAS using the tool
> correctly, and that it just didn't work as advertised.
>
> As far as the law firm being on the ball, trust me, they are. I know this
> firm well, and they will absolutely include Rapid7 in their discovery
> process. If I was senior management at Rapid7, I would NOT be sleeping well
> right now.
>
> The kiss of death in this case is going to be the fact that there have been
> around 1800 reported cases of fraud stemming from the incident. This was
> not an accident.
>
> Jamie
>
>
> -----Original Message-----
> From: dataloss-bouncesattrition.org [mailto:dataloss-bouncesattrition.org]
> On Behalf Of Mike Simon
> Sent: Wednesday, March 19, 2008 6:47 PM
> To: lyger; dataloss-bouncesattrition.org; datalossattrition.org
> Subject: Re: [Dataloss] Consumers of Hannaford Brothers Co. Supermarkets
> FileClass Action Suit
>
>
>
> This could not be a better example of why companies hesitate to disclose
> details. If this lawfirm is on the ball. They will get access to the
> exchange with Rapid7 which, according to the press release changes,
> indicates potential additional negligence in that the had a tool that may
> have prevented this problem and failed to use it properly. Not a helpful
> disclosure for Hannaford with respect to the class action.
>
> Mike
>
>
>
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]