LinkedIn Seeks Dismissal Of Data-Breach Lawsuit
Social networking service LinkedIn is asking a judge to slam the courthouse door on a user who is trying to bring a class-action lawsuit against the company for failing to prevent a data breach.
LinkedIn says that the
consumer, Virginia resident Khalilah Wright, still hasn't set out sufficient allegations to proceed with their lawsuit, which alleges that the company didn't use basic encryption techniques to secure
personally identifiable information.
A previous version of Wright's lawsuit was dismissed in March, but the dismissal was without prejudice -- which enabled Wright to amend her claims and try again.
The lawsuit stems from an incident last June, when hackers obtained access to the company's servers and then posted 6.4 million users' passwords online. Wright, who purchased a
premium LinkedIn membership, says in her latest complaint that she wouldn't have done so had she known the company used “obsolete” security measures.
“Had LinkedIn informed its Premium Subscribers that it would use security measures that were obsolete before the iPhone or Twitter were first released, Wright would not have been willing to purchase her LinkedIn Premium Subscription at the price charged, if at all,” she alleges in her most recent court papers, filed in April.
She alleges that LinkedIn violated various California business laws and also broke its contract with her.
When Davila dismissed the
earlier version of the case, he said in the ruling that Wright hadn't shown that she paid membership fees in exchange for additional security measures. But Wright's latest complaint includes a
declaration from an expert, computer scientist Serge Egelman, who says his research shows that consumers who pay Web sites for memberships expect extra security.
“Through a survey I conducted the week of April 1, 2013, I determined that when consumers pay for a 'premium” social networking service, they expect their information to be protected with a heightened level of security, and that, at a bare minimum, industry-standard security protocols will be used to guard their information,” Egelman stated in court papers.
LinkedIn argues that Wright shouldn't be able to proceed in federal court without first showing that she suffered an injury. “Wright does not allege any harm other than her allegation that she overpaid,” LinkedIn argues in papers filed on Thursday with U.S. District Court Judge Edward Davila in San Jose, Calif. “She does not allege that the criminal password theft resulted in or will result in any harm to her; indeed, she does not even allege that her password was stolen.”
LinkedIn is asking Davila to dismiss Wright's complaint with prejudice, which would prevent her from bringing it again.