Google has agreed to pay $7.5 million to resolve a class-action lawsuit over data breaches that exposed private information of former Google+ users to outside developers.
The proposed settlement, unveiled in papers filed this week with U.S. District Court Judge Edward Davila in San Jose, calls for Google+ users affected by the data breaches to receive between $5 and $12. Class counsel could receive up to $1.875 million in attorneys' fees.
“The settlement provides quick relief for settlement class members, including payments for potentially disseminating their non-public information to unauthorized third-party application developers,” class counsel writes in papers filed Monday. “Importantly, the personal information of all class members was never disseminated or accessed by hackers or other malicious third parties, but instead was potentially exposed to third-party software developers known to Google.”
If approved by Davila, the agreement will end a lawsuit initially filed in October of 2018 by California resident Matt Matic and Florida resident Zak Harris. The pair brought suit the same day The Wall Street Journal reported that a glitch in Google's system allowed outside developers to access information about Google+ users' contacts.
Two months later, it came to light that a second data breach also exposed information about Google+ users to outside developers.
Matic and Harris alleged in their original complaint that the type of data leaked by Google is “highly valuable to identity thieves,” because the information can “be used to gain access to a variety of existing accounts and websites.”
Google and the class representatives reached a settlement after engaging in mediation in August, according to the court papers. The deal allows people with Google+ accounts between January 2015 and April 2, 2019 (when the company shuttered the service), and whose nonpublic information was exposed, to submit claims.
Davila is expected to hold a hearing on the proposal next month.