A federal judge has granted final approval to
LinkedIn's $1.25 million settlement of a class-action lawsuit stemming from a 2012 data breach.
The deal requires LinkedIn to pay approximately $15 each to almost 50,000 users who purchased
premium memberships to the service. LinkedIn also must use security techniques including "salting" and "hashing" for at least five years.
U.S. District Court Edward Davila's approval of the
deal closes the chapter on a data breach that occurred in 2012, when hackers obtained access to the company's servers and then posted 6.4 million users' passwords online. Shortly afterward, Virginia
resident Khalilah Gilmore-Wright, a paid LinkedIn subscriber, alleged in a class-action lawsuit that she wouldn't have purchased a premium membership had she known the company used "obsolete" security
measures.
LinkedIn and class-counsel forged a settlement last year, after they met with a mediator. The deal allowed LinkedIn's paid users to submit claims, but only if they declared that they
read the privacy policy and were influenced by the company's statements about security. Between 2007 and 2012, LinkedIn garnered around 800,000 premium subscribers, who paid at least $19.95 a month
for membership, according to court papers. Only around 47,300 submitted valid claims.
Davila, who presides in San Jose, California, said in a written opinion that he approved the deal for
several reasons, including that it was "far from certain" that the consumers would have won a contested trial.
"Plaintiffs' claim does not assert that class members were necessarily harmed by
the data breach, but that they overpaid for their premium LinkedIn subscription because they did not receive promised data security," Davila wrote in an opinion issued last week.
Litigating
those questions "would have entailed a 'battle of the experts,' the outcome of which is in no way guaranteed," he said.