LinkedIn Must Face Password Hacking Class Action Lawsuit

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

On Friday, a California federal judge declined to dismiss a class action lawsuit filed over a 2012 security breach that resulted in 6.5 million LinkedIn users’ passwords being posted online. The class action lawsuit alleged that LinkedIn Corp. misrepresented its privacy policy by falsely claiming that it met industry standards for safeguarding its users’ private information.

U.S. District Judge Edward Davila found that plaintiff Khalilah Gilmore-Wright’s class action lawsuit adequately stated a claim under California’s false labeling laws. He also found that LinkedIn misrepresented its website’s security in its privacy policy.

“The court finds that plaintiff has alleged facts sufficient to confer standing,” Judge Davila wrote. “The representation in LinkedIn’s privacy policy falls within the scope of the labeling/advertising cases.”

In March 2013, Judge Davila dismissed Wright’s first amended class action lawsuit because she failed to indicate that she had suffered economic harm from the 2012 security breach. She subsequently filed a second amended complaint, adding an allegation that LinkedIn failed to maintain a security policy that met the industry standard, contrary to what the company advertised in its privacy policy. Based on this representation, Wright argued, she made the decision to purchase a premium account. She says she wouldn’t have purchased the account if she had known the company took sub-standard measures to protect user data.

Following a 2011 ruling by the California Supreme Court, in order to have standing under the state’s Unfair Competition Law, consumers who challenge a representation contained on a product label must allege that they would not have purchased the product but for the misrepresentation. LinkedIn sought to dismiss Wright’s amended class action lawsuit, arguing that its privacy policy was not the same as a label or advertisement. Further, LinkedIn argued, its privacy policy was the same for paying and non-paying members. Therefore, Wright’s decision to purchase a premium subscription should not be relevant to the litigation.

“Under no plausible theory can this single sentence in the Privacy Policy that applies to all LinkedIn members be considered an ‘inducement’ to the purchase of a premium subscription, the ‘advertisement’ of premium services or an ‘effective marketing technique’ for premium service,” LinkedIn argued in its motion to dismiss Wright’s class action lawsuit.

Judge Davila disagreed, finding that it did not make sense to apply different standing requirements depending on the types of misrepresentations. “Applying one set of standing requirements to labeling/advertising and another set of standing requirements to other types of misrepresentations, as LinkedIn advocates, would be untenable given the lack of distinction California law places between misleading advertising and other forms of misleading statements,” the judge wrote.

The plaintiffs are represented by Jay Edelson, Rafey S. Balabanian, Ari J. Scharg and Christopher L. Dore of Edelson PC; Laurence D. King and Linda M. Fong of Kaplan Fox & Kilsheimer LLP; Joseph J. Siprut of Siprut PC; David C. Parisi of Parisi & Havens LLP; and Dan Marovitch of Marovitch Law Firm LLC.

The LinkedIn Password Hacking Class Action Lawsuit is In re: LinkedIn User Privacy Litigation, Case No. 5:12-cv-03088, in the U.S. District Court for the Northern District of California.

UPDATE: Instructions on how to file a claim for the LinkedIn user privacy class action settlement are now available! Click here or visit www.LinkedInClassActionSettlement.com for details.

UPDATE 2: A California federal judge gave final approval to the LinkedIn user privacy class action settlement on Sept. 15, 2015.