HITBSecConf2017 Amsterdam (April 10th - 14th)
Register Online Now!
Insiders who have valid credentials to access confidential info cannot be charged under US anti-hacking law
A ruling handed up this week in a US appeals court found staff who violate their organisation's user policies do not violate the federal Computer Fraud and Abuse Act (CFAA).
David Kosal, a former manager at executive search firm Korn/Ferry, beat charges that he convinced three of his former co-workers to use their valid login credentials to access and download customer lists and then transfer them to him so he could start a competing company.
While staff were prohibited from disclosing private information under their company policy, Kosal filed a motion to have five counts including "aiding and abetting" and "intent to defraud" dismissed.