LinkedIn has agreed to pay $1.25 million to settle with a class of nearly 800,000 individuals who claim they overpaid for premium services, only to find that the site failed to provide adequate data security.

In June 2012, LinkedIn announced that hackers had stolen the passwords of approximately 6.5 million members and published them on a hacker Web site. Four putative class actions were filed in the following months and consolidated in a California federal court. The plaintiffs alleged that LinkedIn’s weak security allowed the hackers to obtain their personal information. By paying a monthly fee for what the site promoted as “premium services,” the class argued it was entitled to damages.

A federal court judge initially dismissed the action but two claims survived after an amended complaint was filed. The court then referred the case to private mediation and settlement talks began.

Following several months of negotiations, the parties reached a deal. LinkedIn agreed to pay $1.25 million to establish a fund for class member payments, class counsel fees (not to exceed one-third of the fund), administration expenses, and a $7,500 incentive award for the named plaintiff.

The class, which included LinkedIn users across the country who paid a fee for a premium subscription between March 15, 2006 and June 7, 2012, must submit a claim to receive a pro rata share of the settlement fund up to a maximum payment of $50.

If funds remain in the non-reversionary settlement fund after all payments to class members have been made, cy pres recipients—the Center for Democracy and Technology, the World Privacy Forum, and the Carnegie Mellon CyLab Usable Privacy and Security Laboratory—will receive such funds on a pro rata basis.

LinkedIn also provided prospective relief by agreeing to employ greater protection for users’ passwords for a five-year period.

To read the settlement agreement in In re LinkedIn User Privacy Litigation, click here.

To read the court’s order granting preliminary approval, click here.

Why it matters: The federal court judge overseeing the case granted preliminary approval to the deal and set a final fairness hearing for June 18. Given the years of litigation and the sizable settlement amount, the case demonstrates that companies must take all reasonable steps to prevent a costly data breach.