Judge throws out lawsuit over LinkedIn password breach

Share this article:

A U.S. District Court judge has dismissed a class-action lawsuit brought against LinkedIn as a result of a 2012 password breach.

Edward Davila, a U.S. District Court Judge in San Jose, Calif., on Wednesday granted the business networking site's request to have the suit tossed. He said the plaintiffs failed to prove the incident caused them financial loss or future harm.

Plaintiffs Katie Szpyrka and Khalilah Gilmore-Wright filed the suit in November after hackers in June posted online nearly 6.5 million passwords of LinkedIn users.

The two women cited several missteps by the company, among them, that LinkedIn allegedly showed negligence and breached an implied contract to “reasonably safeguard user information,” a court document filed Wednesday said.

In the 2012 incident, hackers dumped LinkedIn user passwords on an online Russian forum. While the passwords were protected with an outdated cryptographic hash function, SHA-1, the company was criticized for not taking other security steps, like salting users' passwords, a technique which randomly appends a string of characters.

In the case, the plaintiffs failed to demonstrate a number of factors when alleging the breach caused them economic harm, Judge Davila ruled.

Notably, he said neither of the plaintiffs said they read LinkedIn's privacy policy.

“Plaintiffs do not even allege that they actually read the alleged misrepresentation – the privacy policy – which would be necessary to support a claim of misrepresentation,” the ruling said.

In addition, Szpyrka and Gilmore-Wright failed to prove economic loss resulting from a breach of contract by LinkedIn, or that the company provided insufficient or “defective” security services, Davila said.

Gilmore-Wright argued that her password being posted on the internet caused her an “increased risk of future harm,” but the courts dismissed that claim as well.

“Wright fails to show how this amounts to a legally cognizable injury, such as, for example, identity theft or theft of her personally identifiable information,” the ruling said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.