Judge Dismisses Data-Breach Lawsuit Against LinkedIn
Handing a victory to LinkedIn, a federal judge has dismissed a potential class-action lawsuit alleging that the social networking service failed to deploy adequate measures to
secure users' log-in credentials.
U.S. District Court Judge Edward Davila ruled on Tuesday that the users couldn't proceed with their case against LinkedIn because they hadn't shown any economic injury. The dismissal was without prejudice, meaning that the users can revise their complaint and file it again.
The case dates to last year, when users Katie Szpyrka and Khalilah Wright alleged that the service didn't use basic encryption techniques to secure personally identifiable information. Last June, hackers breached the company's servers, and then posted 6 million users' passwords online.
The consumers, who both say they paid for premium accounts, argued that they wouldn't have done so if they had known about LinkedIn's "substandard security procedures." They argued that they suffered an economic loss as they didn't receive the security features they assumed were purchased with their membership fees.
"Any alleged promise LinkedIn made to paying premium account holders regarding security protocols was also made to non-paying members," he wrote. "Thus, when
a member purchases a premium account upgrade, the bargain is not for a particular level of security, but actually for the advanced networking tools and capabilities to facilitate enhanced usage of
Wright also alleged that she is at risk of future harm because her password was among the ones posted online. But Davila rejected that theory, ruling that Wright didn't show she had suffered a "legally cognizable injury," such as identity theft.