Facebook must face action on security, but not damages

Facebook must face action on security, but not damages

Facebook

A federal judge said up to 29 million Facebook Inc users whose personal information was stolen in a September 2018 data breach cannot sue as a group for damages, but can seek better security at the social media company after a series of privacy lapses.

In a decision late Tuesday night, U.S. District Judge William Alsup in San Francisco said neither credit monitoring costs nor the reduced value of stolen personal information was a "cognizable injury" that supported a class action for damages.

Alsup also said damages for time users spent to mitigate harm required individualized determinations rather than a single classwide assessment.

Users were allowed to sue as a group to require Facebook to employ automated security monitoring, improve employee training, and educate people better about hacking threats.

Alsup rejected Facebook's claim that these were unnecessary because it had fixed the bug that caused the breach.

"Facebook's repetitive losses of users' privacy supplies a long-term need for supervision," at least at this stage of the litigation, Alsup wrote.

Allowing a damages class action could have exposed Facebook to a higher total payout. Lawyers for the Facebook users did not immediately respond to requests for comment. Facebook did not immediately respond to similar requests.

On Sept. 28, 2018, Facebook said that hackers had exploited software flaws to access 50 million users' accounts, at the time considered the largest breach in the California-based company's 14-year history.

It scaled back the size two weeks later, saying 30 million users had their access tokens stolen, while 29 million had personal information such as gender, religion, email addresses, phone numbers and search histories taken.

Facebook has faced many lawsuits over privacy, including for allowing British political consulting firm Cambridge Analytica access data for an estimated 87 million users.

In September, U.S. District Judge Vince Chhabria in San Francisco said Facebook must face most of a damages lawsuit over access by third parties such as Cambridge, calling Facebook's views about users' privacy expectations "so wrong."

Facebook Chief Executive Mark Zuckerberg outlined his "privacy-focused vision" for social media in a March 6 blog post. "Privacy gives people the freedom to be themselves and connect more naturally, which is why we build social networks," he wrote.

Source: Reuters 27 November, New York

Reporting: Jonathan Stempel 

Copyright Lyonsdown Limited 2021

Top Articles

Clubhouse data leak: Data of 1.3m users dumped on a hacker forum

An SQL database containing records of 1.3 million Clubhouse users has been leaked for free on a popular hacker forum.

Iran terms Israeli cyber attack on nuke facility as "nuclear terrorism"

A rumoured cyber attack carried out by Mossad, Israel's official spy agency, destroyed legacy IR-1 centrifuges at Iran's underground nuclear facility located in Natanz.

The Hunt for Red Insider

The analogy to The Hunt For Red October is not far removed from the common reality of cybersecurity.

Related Articles