Judge Dismisses Data-Breach Lawsuit Against LinkedIn


Handing a victory to LinkedIn, a federal judge has dismissed a potential class-action lawsuit alleging that the social networking service failed to deploy adequate measures to secure users' log-in credentials.

U.S. District Court Judge Edward Davila ruled on Tuesday that the users couldn't proceed with their case against LinkedIn because they hadn't shown any economic injury. The dismissal was without prejudice, meaning that the users can revise their complaint and file it again.

The case dates to last year, when users Katie Szpyrka and Khalilah Wright alleged that the service didn't use basic encryption techniques to secure personally identifiable information. Last June, hackers breached the company's servers, and then posted 6 million users' passwords online.

Szpryka and Wright argued that LinkedIn violated its privacy policy by using sub-par encryption methods. The company says in its privacy policy that it protects users' information using "industry standard protocols and technology," according to the complaint.

The consumers, who both say they paid for premium accounts, argued that they wouldn't have done so if they had known about LinkedIn's "substandard security procedures." They argued that they suffered an economic loss as they didn't receive the security features they assumed were purchased with their membership fees.

But Davila disagreed with their contention that they paid membership fees in exchange for security measures, noting that LinkedIn's privacy policy was the same for paying and non-paying members.

"Any alleged promise LinkedIn made to paying premium account holders regarding security protocols was also made to non-paying members," he wrote. "Thus, when a member purchases a premium account upgrade, the bargain is not for a particular level of security, but actually for the advanced networking tools and capabilities to facilitate enhanced usage of LinkedIn's services."

Wright also alleged that she is at risk of future harm because her password was among the ones posted online. But Davila rejected that theory, ruling that Wright didn't show she had suffered a "legally cognizable injury," such as identity theft.

Next story loading loading..