• by Wendy Davis  @wendyndavis, September 21, 2015

A federal judge has granted final approval to LinkedIn's $1.25 million settlement of a class-action lawsuit stemming from a 2012 data breach.

The deal requires LinkedIn to pay approximately $15 each to almost 50,000 users who purchased premium memberships to the service. LinkedIn also must use security techniques including "salting" and "hashing" for at least five years.

U.S. District Court Edward Davila's approval of the deal closes the chapter on a data breach that occurred in 2012, when hackers obtained access to the company's servers and then posted 6.4 million users' passwords online. Shortly afterward, Virginia resident Khalilah Gilmore-Wright, a paid LinkedIn subscriber, alleged in a class-action lawsuit that she wouldn't have purchased a premium membership had she known the company used "obsolete" security measures.

LinkedIn and class-counsel forged a settlement last year, after they met with a mediator. The deal allowed LinkedIn's paid users to submit claims, but only if they declared that they read the privacy policy and were influenced by the company's statements about security. Between 2007 and 2012, LinkedIn garnered around 800,000 premium subscribers, who paid at least $19.95 a month for membership, according to court papers. Only around 47,300 submitted valid claims.

Davila, who presides in San Jose, California, said in a written opinion that he approved the deal for several reasons, including that it was "far from certain" that the consumers would have won a contested trial.

"Plaintiffs' claim does not assert that class members were necessarily harmed by the data breach, but that they overpaid for their premium LinkedIn subscription because they did not receive promised data security," Davila wrote in an opinion issued last week.

Litigating those questions "would have entailed a 'battle of the experts,' the outcome of which is in no way guaranteed," he said.