LinkedIn scored a victory recently when the court dismissed a privacy lawsuit claiming a data breach on the professional networking site was a result of the company’s failure to comply with industry security standards.
Last summer, hackers accessed LinkedIn’s systems and posted approximately 6.5 million passwords on an unrelated site. Two LinkedIn users then filed suit against the site.
The plaintiffs had each purchased an upgrade to “premium” membership and contended that they suffered economic harm as a result of the breach. According to them, they did not receive the full benefit of premium memberships and would not have paid the price had they known about the poor security. Analogizing to class actions where plaintiffs claim they would not have purchased a food product had they known that it was not as advertised on the product’s labeling, the court rejected their theory.
The plaintiffs paid a premium for advanced networking tools and capabilities – not for a particular level of security, the court said.
Further, the plaintiffs did not argue that no security services were provided but said the security services were defective in some way. “This is not the case where consumers paid for a product, and the product they received was different from the one as advertised on the product’s packaging. Because plaintiffs take issue with the way in which LinkedIn performed the security services, they must allege ‘something more’ than pure economic harm,” the court held.
To read the decision in In re LinkedIn User Privacy Litigation, click here.