How to Win a LinkedIn Security Breach Lawsuit
A LinkedIn security breach is one of the most blatant examples of an unsecured website. It’s also one of the most significant in recent history, affecting more than 500 million users. LinkedIn’s security breach has led to a class action lawsuit – which means that members can sue to recover damages and receive payment for their losses. This lawsuit has become the most common type of online data breach claim. Here’s how to win a lawsuit against LinkedIn.
Class-action lawsuit
A recent class-action lawsuit against LinkedIn for its security breach has made headlines around the world. The company, which has an estimated market value of $33 billion, has been sued by three companies related to the security breach. While these lawsuits may seem trivial, the fact remains that they are a huge business, with many incentives for the company to settle. Luckily for LinkedIn users, it is unlikely that such a lawsuit will result in any actual damages for LinkedIn users.
This lawsuit claims that LinkedIn violated California’s Unfair Competition Law by not employing industry standard protocols and practices to protect its users’ personal information. This failure arose because LinkedIn deceived plaintiffs into registering with the company. LinkedIn also violated its User Agreement and Privacy Policy by omitting to implement industry-standard protocols to safeguard user information. This violation of the California Unfair Competition Law automatically makes the company negligent.
Class members’ damages
The latest class action lawsuit filed against LinkedIn is Sweet v. LinkedIn, alleging that the company violated the Fair Credit Reporting Act and other laws by misusing the contact information of its users. The case involves a series of data breaches that LinkedIn allegedly committed, including sending out unsolicited spam. Nicole Strecker has a great post on the lawsuit. Heather Bussing is an attorney and Editorial Advisory Board member of HR Examiner. She has been practicing employment law for over twenty years.
Katie Szpyrka is the lead plaintiff in the LinkedIn security breach lawsuit. Her complaint alleges that LinkedIn failed to properly protect the personal information of 6.5 million users, exposing the passwords of millions of users. Even though LinkedIn was paid by many users, Szpyrka’s complaint argues that the company did not protect her passwords from hackers. Specifically, LinkedIn failed to use hashing and salting, which could have protected her information. This meant that 60 percent of the stolen passwords were crackable within hours.
Panthers Ptd. Ltd.’s liability
LinkedIn has settled its lawsuit against Singapore-based Mantheos Ptd. Ltd., which admitted to gathering member information from LinkedIn Corp. in June 2021. The company agreed to permanently bar itself from scraping member data and to delete any software it had used to access member profiles. In return, the company has agreed to cease access to LinkedIn member profiles through automated means.
The LinkedIn security breach lawsuit, which sought $5 million in damages, has been thrown out after the company agreed to pay a settlement to avoid litigation. The remaining funds will be split among three organizations: the World Privacy Forum, Carnegie Mellon CyLab, and the Center for Democracy & Technology. The original lawsuit claimed that LinkedIn failed to encrypt passwords and personally identifiable information.
LinkedIn’s user agreement
This security breach lawsuit is a rare instance of a consumer-facing legal action over the misrepresentation of a company’s data security policy. The user agreement of social networking site LinkedIn contains language that states that “the company is bound by its data security policy.” The plaintiffs, in this case, alleging that LinkedIn misrepresented its security policies, which they say resulted in unauthorized access to their personal information. The lawsuit claims that LinkedIn violated the privacy policies and user agreements of premium subscribers by failing to protect the passwords of its users.
The lawsuit claims that LinkedIn violated the Fair Credit Reporting Act, the California Unfair Competition Law, and the California Unfair Competition Law by failing to use industry-standard technology and protocols to protect user data. In addition to violating its user agreement, the lawsuit contends that LinkedIn misrepresented its ability to protect users’ sensitive personal information and that it induced plaintiffs to register with the company by misleading them with its claim of security.