• by Wendy Davis  @wendyndavis, April 17, 2020

The state of Rhode Island is asking a federal appellate court to revive claims that Alphabet violated securities laws by waiting too long to disclose a data breach that affected Google+ users.

Rhode Island's treasurer, who sued on behalf of the state pension system -- a company investor -- initiated the appeal this week by filing papers with the 9th Circuit Court of Appeals.

The original lawsuit, filed against Google's parent company, stems from software vulnerabilities in Google's system -- including a bug allowed outside developers to access private information about Google+ users, including their birth dates, photos, occupations, and addresses.

Google allegedly learned of the security glitch in March of 2018, and fixed it by April. But the company did not publicly disclose it until October of 2018, when The Wall Street Journal reported on the bug.

Rhode Island's treasurer alleged in an October 2018 complaint that Google violated securities laws by failing to reveal the data breach in the company's April or July filings with the Securities and Exchange Commission.

U.S. District Court Judge Jeffrey White in San Francisco dismissed the lawsuit earlier this year. He ruled that even if the allegations in the complaint were true, they wouldn't show that Google had made any false or misleading statements in its regulatory submissions. His decision noted that Google had already remedied the software bug before its April filing.

In addition to the lawsuit by Rhode Island, Google also was hit with a class-action on behalf of Google+ users.

In January, the company agreed to a $7.5 million settlement of that matter. The deal, which still awaits approval by U.S. District Court Judge Edward Davila in San Jose, calls for Google+ users affected by the data breaches to receive between $5 and $12.