A federal judge
has refused to dismiss a lawsuit accusing LinkedIn of failing to use encryption techniques to secure users' personally identifiable information.
The ruling, quietly issued late last month
by U.S. District Court Judge Edward Davila in San Jose, Calif., means that Virginia resident Khalilah Wright can proceed with her potential class-action against the social networking service.
Wright's lawsuit stems from an incident in 2012, when hackers obtained access to the company's servers and then posted 6.4 million users' passwords online. Wright, who purchased a premium LinkedIn
membership, alleges that she wouldn't have paid for the service if she had known the company used “obsolete” security measures.
Wright alleged that the company violated a
LinkedIn argued that the case
should be dismissed on the grounds that Wright didn't experience a tangible injury as a result of the data breach.
But Davila ruled that Wright's allegations were sufficient to allow her to
proceed. “She alleges that she purchased her premium subscription on the basis of LinkedIn’s statement that its users’ data will be secured with industry standards and technology,
she alleges that the statement was false when she read and relied on it, and she alleges that she would not have made the purchase (or that she would have negotiated for a lower price) but for the
misrepresentation,” Davila wrote. “Her injury ... is fairly traceable to LinkedIn’s conduct because LinkedIn made the misrepresentation.”
Even though the ruling
paves the way for Wright to litigate the matter, she and LinkedIn appear to be taking steps to resolve the matter. This week, Davila signed an order sending the case to mediation, and gave Wright and
LinkedIn up to 90 days to reach a settlement.