The professional social networking website LinkedIn is reportedly facing a class action lawsuit from users after it experienced a major security and data breach last month.
The lawsuit, which was filed on behalf of lead plaintiff Katie Szpyrka and potentially thousands or even millions of other LinkedIn users, centres on the security that occurred in June 2012.
A total of 6.5 million LinkedIn member passwords were stolen and posted on a Russian hacker forum. The reason for the breach, according to the lawsuit, was that LinkedIn only had a below industry standard, rudimentary hashing algorithm in place to protect data.
LinkedIn is now being sued for:
• Breach of contract
• Breach of implied contracts
• Negligence
• Violations of California civil code
• Violation of California business and professional code
• Breach of the implied covenant of good faith and fair dealing
Whilst the lawsuit claims that LinkedIn’s privacy policy states that ‘All information you provide will be protected with industry standard protocols and technology’, the company itself claims the suit is without merit. With the backing of its professional indemnity insurance, LinkedIn is said to be planning an aggressive defence.
LinkedIn spokesperson Erin O’Harra said:
“No member account has been breached as a result of the incident, and we have no reason to believe that any LinkedIn member has been injured. Therefore, it appears that these threats are driven by lawyers looking to take advantage of the situation.”