iData Security and Privacy are major concerns (and hot topics) in the legal world. Big names like Target, Home Depot, and more recently Anthem Insurance have all had their security breached and sensitive customer information compromised, and there have been significant litigious consequences for these companies.
LinkedIn, the popular social networking site designed to help individuals connect professionally, promote themselves and their skills, and keep a sort of digital resume to impress potential employers is in the process of settling two lawsuits that stem from data breaches. One involving a data security breach, and another accusing the site of “hacking” users email addresses to send out invitations to join the network.
In June 2012 weak security protecting user passwords resulted in 6.5 million encoded LinkedIn user passwords popping up on a Russian hacker site. This quickly turned into the actual passwords being decoded, and user data was compromised. The company acted quickly to improve security, and users were advised to update passwords. Even with this action, LinkedIn users who were paying a fee for additional services filed a lawsuit and argued that they had been about the company’s data security.
A settlement that has preliminary approval in Northern California court would award 1.25 million dollars to the roughly 800,000 users who had premium services from the site. The math ends up being about a dollar per user, but since not all users are likely to apply it might be a bit more. LinkedIn said in a statement that the company agreed to the settlement in order to “avoid the distraction and expense of ongoing litigation.”
Another privacy case against LinkedIn involves users who claim LinkedIn’s access to email accounts and their repeated emailing of user’s contacts with invitations to join the social network constitutes “breaking into” the email accounts and pretending to be the account owner. The main issue revolves around LInkedIn’s policy on how the service uses sensitive information and how it informs clients of its use of that information. The complaint alleges:
Linkedln sends multiple e-mails endorsing its products, services and brand to potential new users. In an effort to optimize the efficiency of this marketing strategy, Linkedln sends these “endorsement e-mails” to the list of e-mail addresses obtained without its existing users’ express consent and, to further enhance the effectiveness of this particular marketing campaign, these endorsement e-mails contain the name and likeness of those existing users from whom Linkedln surreptitiously obtained the list of e-mail addresses.
LinkedIn denies these claims, saying they maintain a clear communication policy with members and do not “break into” email accounts. From a blog post on the company’s website :
We do not access your email account without your permission. Claims that we “hack” or “break into” members’ accounts are false. We never deceive you by “pretending to be you” in order to access your email account. We never send messages or invitations to join LinkedIn on your behalf to anyone unless you have given us permission to do so.
We do give you the choice to share your email contacts, so you can connect on LinkedIn with other professionals that you know and trust. We will continue to do everything we can to make our communications about how to do this as clear as possible.
At the time of the original lawsuit, LinkedIn announced that the claims were “without merit” and indicated they would fight the lawsuit “vigorously.” However, on February 11 the company indicated in Northern District of California Federal Court that they were approaching a settlement by working with a mediator, and they plan to file for preliminary approval before the end of March.
Both the Republican led Congress and the Obama White House have proposed legislation suggestions related to data breaches and cybersecurity, and as the courts work through the cases before them, this issue promises to be one that doesn’t go away for awhile.
