Judge throws out Steam breach lawsuit over lack of "harm"

Share this article:

A U.S. District Court judge in Washington state has dismissed a lawsuit against the owner of an online video game distribution network because the plaintiffs were unable to prove that they were harmed by a breach last year that exposed the personal information of up to 35 million people.

Led by Oliver Grigsby, the plaintiffs, who are users of a service known as Steam, sought to recover damages as a result of a Nov. 6, 2011 breach -- one of the largest of the year -- in which hackers accessed subscribers' credit and debit card information, billing addresses and usernames and passwords.

The plaintiffs alleged that Bellevue, Wash.-based Valve, which owns Steam, failed to adequately safeguard their  sensitive information. They argued that they should be awarded damages for both the possibility that fraud could occur as a result of the breach and also to make good on service and subscription issues that arose after the breach.

But federal Judge James Robart, sitting in Seattle, rejected both arguments, according to court documents.

"...[F]ederal courts routinely dismiss actions in which the only damages a plaintiff alleges are increased risk of identity theft and money spent monitoring credit and attempting to prevent identity theft,"  he wrote last week in his motion to dismiss. "In short, when personal information is compromised due to a security breach, there is no cognizable harm, absent actual fraud or identy theft."

He also denied allegations that the plaintiffs also suffered present harm, which they contended included a loss of data and an interruption of access to Steam's services. Robart ruled that the plaintiffs did not exhibit they met the necessary threshold to win these claims, saying they were were not specific enough.

"They say nothing about which services were interrupted, which subscriptions or gaming networks they were unable to access, what data they 'lost, how their data could have been 'lost' in this situation, or how they may have lost money subscribing to Stream, which is free," Robart said.

An attorney for the plaintiffs did not immediately return a telephone call seeking comment.

A teen hacker who uses the alias TehWongZ took credit for the breach a few days after it happened, according to a tweet.

He was arrested in December for launching a distributed denial-of-service attack against his school in the U.K. and defacing a Manchester, U.K. credit union, according to a leaked FBI conference call from earlier this year. He was the face behind CSLsec (Can't Stop Laughing Security), a supposed three-member offshoot of LulzSec, the official said.

"He's basically just doing all of this for attention and [he's] a bit of an idiot," a Scotland Yard rep said on the call.

Share this article:

Sign up to our newsletters

More in News

Senator Leahy prepares bill to tackle NSA snooping

The bill is set to be introduced on Tuesday.

Malware used to compromise payment cards at Wendy's restaurant in Michigan

Customers who paid with credit and debit cards at a Wendy's in Michigan may have had their payment card compromised if they used it at the restaurant for about a month prior to July 15.

Report: Japan eyes law requiring security incident reporting

Bloomberg says the Japanese government is eyeing cyber security legislation to make companies 'fess up to security incidents impacting users.