Home page logo

funsec logo funsec mailing list archives

LinkedIn Customer Says Company Lied About Data Security
From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 2 Aug 2013 17:17:18 -0400


A LinkedIn user argues that her data privacy lawsuit is based on the
company’s lies about security and doesn’t require her to show harm
from a 2012 data breach, an Aug. 1 filing against dismissal said.

Companies have so far been able to defeat data privacy lawsuits by
saying plaintiffs can’t show they were actually harmed by a data

Khalilah Wright, the only remaining named plaintiff in a purported
class action suit, wants to sidestep the issue altogether, saying that
she never would have paid for a LinkedIn Premium subscription if she
knew the company had misrepresented its data protection.

“That Wright hasn’t suffered identity theft or any other harm from the
password hack is irrelevant,” the Aug. 1 filing said. “This suit isn’t
about the theft of Wright’s password. It’s about LinkedIn’s use of
deceptive business practices to induce consumers to make purchases.”

Wright alleges violations of the California Unfair Competition Law
which prohibits companies from making misrepresentations or deceptive
statements to customers.

Before purchasing a premium subscription, Wright said she read
LinkedIn’s privacy policy, which promised that data — including credit
card and billing information — would be protected using industry
standard security practices.

In the wake of the data breach, Wright said LinkedIn revealed that it
was using outdated security — and thus had lied in its previous
assurances about data security.

If she had known this, Wright said she would have never spent money on
a subscription.

Previous complaints argued that LinkedIn failed to protect data and
have been dismissed because the plaintiffs couldn’t show that they
were harmed in the breach.

In April, Wright filed a second amended class action complaint,
revising her legal theory in the case.

LinkedIn sought dismissal in June, arguing that Wright has failed to
show that the company’s security wasn’t the industry standard and
saying that LinkedIn never made any assurance that data couldn’t be

The bottom line, the dismissal motion said, is that the breach didn’t
harm Wright.

“She does not allege that the criminal password theft resulted in or
will result in any harm to her; indeed, she does not even allege that
her password was stolen,” the June 13 dismissal motion said.

The case is 5:12-cv-03088 in the Northern District of California.
Fun and Misc security discussion for OT posts.
Note: funsec is a public and open mailing list.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]