On June 6, 2012, LinkedIn announced it had a data breach that involved hackers taking 6.5 million passwords from March 16, 2006 through June 7, 2012. The passwords were ultimately published on a Russian hacker website. A class action lawsuit was filed by one of LinkedIn’s paying members based on allegations that LinkedIn violated an agreement with its paying subscribers that it would keep their personal information protected. The class action plaintiffs alleged that they would have viewed LinkedIn services as having less value if they knew LinkedIn had “lax security practices” in place. This class action lawsuit was resolved this week when LinkedIn paid $1.25 million to settle the lawsuit.
The class action Settlement Agreement contains two separate provisions related to “Settlement Relief.” First, under a section entitled “Monetary Payments to Settlement Class Member,” the agreement provides that all class members can submit a claim for $50 by May 2, 2015. Any portion of the settlement amount left over after all payments are made will be distributed between the Center for Democracy and Technology, the World Privacy Forum, the Carnegie Mellon CyLab and the CyLab Usable Privacy and Security Laboratory. Information related to the class action settlement will be provided through direct e-mails sent to LinkedIn paying members and a settlement website that allows for claims to be filed electronically.
Under a section of the Settlement Agreement entitled “Prospective Relief,” LinkedIn agreed to increase its security measures to protect users’ password information in the future.
While the Settlement Agreement provides insight into the relief plaintiffs are seeking in these various class action lawsuits, this settlement brings closure to another significant data breach case without a court determining the merits of the parties’ positions. While the settlement may have resulted in a fair resolution for the parties involved, it is unfortunate that the court did not get the opportunity to render a decision on liability.