Judge throws out Steam breach lawsuit over lack of "harm"

Share this article:

A U.S. District Court judge in Washington state has dismissed a lawsuit against the owner of an online video game distribution network because the plaintiffs were unable to prove that they were harmed by a breach last year that exposed the personal information of up to 35 million people.

Led by Oliver Grigsby, the plaintiffs, who are users of a service known as Steam, sought to recover damages as a result of a Nov. 6, 2011 breach -- one of the largest of the year -- in which hackers accessed subscribers' credit and debit card information, billing addresses and usernames and passwords.

The plaintiffs alleged that Bellevue, Wash.-based Valve, which owns Steam, failed to adequately safeguard their  sensitive information. They argued that they should be awarded damages for both the possibility that fraud could occur as a result of the breach and also to make good on service and subscription issues that arose after the breach.

But federal Judge James Robart, sitting in Seattle, rejected both arguments, according to court documents.

"...[F]ederal courts routinely dismiss actions in which the only damages a plaintiff alleges are increased risk of identity theft and money spent monitoring credit and attempting to prevent identity theft,"  he wrote last week in his motion to dismiss. "In short, when personal information is compromised due to a security breach, there is no cognizable harm, absent actual fraud or identy theft."

He also denied allegations that the plaintiffs also suffered present harm, which they contended included a loss of data and an interruption of access to Steam's services. Robart ruled that the plaintiffs did not exhibit they met the necessary threshold to win these claims, saying they were were not specific enough.

"They say nothing about which services were interrupted, which subscriptions or gaming networks they were unable to access, what data they 'lost, how their data could have been 'lost' in this situation, or how they may have lost money subscribing to Stream, which is free," Robart said.

An attorney for the plaintiffs did not immediately return a telephone call seeking comment.

A teen hacker who uses the alias TehWongZ took credit for the breach a few days after it happened, according to a tweet.

He was arrested in December for launching a distributed denial-of-service attack against his school in the U.K. and defacing a Manchester, U.K. credit union, according to a leaked FBI conference call from earlier this year. He was the face behind CSLsec (Can't Stop Laughing Security), a supposed three-member offshoot of LulzSec, the official said.

"He's basically just doing all of this for attention and [he's] a bit of an idiot," a Scotland Yard rep said on the call.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Ground system for weather satellites contains thousands of 'high-risk' bugs

Ground system for weather satellites contains thousands of ...

An audit of the Joint Polar Satellite System ground system revealed thousands of vulnerabilities, most of which will be addressed in two years when the next version of the system ...

Threat report on Swedish firms shows 93 percent were breached

The study by KPMG and FireEye also found that 49 percent of detected malware was unknown.

Former acting HHS cyber director convicted on child porn charges

Former acting HHS cyber director convicted on child ...

Timothy DeFoggi, who was nabbed by the FBI last year in its Operation Torpedo investigation was convicted by federal jury in Nebraska.