Lawsuit Over LinkedIn Data Breach Heats Up

LinkedIn faces accusations of fraud in a class-action lawsuit stemming from a data breach its systems suffered almost two years ago. In June 2012, hackers infiltrated the professional networking site and posted passwords of 6.5 million LinkedIn members, and the plaintiff in the suit has claimed the site misrepresented its security measures.

The primary plaintiff, Khalilah Wright, argues that she would have perceived her premium LinkedIn account, which she opened in 2010, as less valuable, had she known about the company’s “lax security practices,” according to court documents. On March 28, U.S. District Court Judge Edward Davila denied LinkedIn’s motion to dismiss the claim. Previously, the court had dismissed plaintiffs’ claims that the breach caused them financial loss or future harm.

After that dismissal last year, Wright amended her complaint, but Davila threw out her claims of unfair competition and breach of contract. Still, the fraud claim stands.

How Secure?

“Plaintiff alleges that the representation in the Privacy Policy is likely to deceive the public because consumers would believe that LinkedIn used a more effective method of securing its users’ data than it actually did,” Davila wrote.

Wright argued that the industry standard was to use two-layered encryption but LinkedIn used only one at the time of the breach. (It has added a second since then.)

Wright is saying she wouldn’t have upgraded to a premium account (or would have argued to pay less for it) had she known this, but the privacy policy stated users’ information “will be protected with industry standard protocols and technology.”

LinkedIn argued that the privacy policy is the same for free and premium accounts, so it wouldn’t incentivize a user to upgrade.

Whether LinkedIn will be held liable for allegedly misrepresenting its security practices will be determined later. A case management conference is scheduled for June 6.

More from
View Comments (1)