A federal judge has granted final approval to LinkedIn's $1.25 million settlement of a class-action lawsuit stemming from a 2012 data breach.
The deal requires LinkedIn to pay approximately $15 each to almost 50,000 users who purchased premium memberships to the service. LinkedIn also must use security techniques including "salting" and "hashing" for at least five years.
U.S. District Court Edward Davila's approval of the deal closes the chapter on a data breach that occurred in 2012, when hackers obtained access to the company's servers and then posted 6.4 million users' passwords online. Shortly afterward, Virginia resident Khalilah Gilmore-Wright, a paid LinkedIn subscriber, alleged in a class-action lawsuit that she wouldn't have purchased a premium membership had she known the company used "obsolete" security measures.
Davila, who presides in San Jose, California, said in a written opinion that he approved the deal for several reasons, including that it was "far from certain" that the consumers would have won a contested trial.
"Plaintiffs' claim does not assert that class members were necessarily harmed by the data breach, but that they overpaid for their premium LinkedIn subscription because they did not receive promised data security," Davila wrote in an opinion issued last week.
Litigating those questions "would have entailed a 'battle of the experts,' the outcome of which is in no way guaranteed," he said.