funsec mailing list archives
LinkedIn Customer Says Company Lied About Data Security
From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 2 Aug 2013 17:17:18 -0400
http://www.mainjustice.com/2013/08/02/linkedin-customer-says-company-lied-about-data-security/ A LinkedIn user argues that her data privacy lawsuit is based on the company’s lies about security and doesn’t require her to show harm from a 2012 data breach, an Aug. 1 filing against dismissal said. Companies have so far been able to defeat data privacy lawsuits by saying plaintiffs can’t show they were actually harmed by a data breach. Khalilah Wright, the only remaining named plaintiff in a purported class action suit, wants to sidestep the issue altogether, saying that she never would have paid for a LinkedIn Premium subscription if she knew the company had misrepresented its data protection. “That Wright hasn’t suffered identity theft or any other harm from the password hack is irrelevant,” the Aug. 1 filing said. “This suit isn’t about the theft of Wright’s password. It’s about LinkedIn’s use of deceptive business practices to induce consumers to make purchases.” Wright alleges violations of the California Unfair Competition Law which prohibits companies from making misrepresentations or deceptive statements to customers. Before purchasing a premium subscription, Wright said she read LinkedIn’s privacy policy, which promised that data — including credit card and billing information — would be protected using industry standard security practices. In the wake of the data breach, Wright said LinkedIn revealed that it was using outdated security — and thus had lied in its previous assurances about data security. If she had known this, Wright said she would have never spent money on a subscription. Previous complaints argued that LinkedIn failed to protect data and have been dismissed because the plaintiffs couldn’t show that they were harmed in the breach. In April, Wright filed a second amended class action complaint, revising her legal theory in the case. LinkedIn sought dismissal in June, arguing that Wright has failed to show that the company’s security wasn’t the industry standard and saying that LinkedIn never made any assurance that data couldn’t be stolen. The bottom line, the dismissal motion said, is that the breach didn’t harm Wright. “She does not allege that the criminal password theft resulted in or will result in any harm to her; indeed, she does not even allege that her password was stolen,” the June 13 dismissal motion said. The case is 5:12-cv-03088 in the Northern District of California. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- LinkedIn Customer Says Company Lied About Data Security Jeffrey Walton (Aug 02)
- Re: LinkedIn Customer Says Company Lied About Data Security Rich Kulawiec (Aug 21)
- Re: LinkedIn Customer Says Company Lied About Data Security Bruce Ediger (Aug 21)
- Re: LinkedIn Customer Says Company Lied About Data Security Stephanie Daugherty (Aug 26)
- Re: LinkedIn Customer Says Company Lied About Data Security Rich Kulawiec (Aug 26)
- Re: LinkedIn Customer Says Company Lied About Data Security Bruce Ediger (Aug 21)
- Re: LinkedIn Customer Says Company Lied About Data Security Rich Kulawiec (Aug 21)