The class action lawsuit was filed in 2018 after Facebook disclosed a data breach which included names, birthdates, current cities, hometowns, and other data points of 29 millions users, according to the motion for preliminary approval of the settlement.
The motion states that hackers stole access tokens which allowed them to take over users accounts.
The plaintiffs allege that Facebook’s negligence caused the breach in two ways. First, the plaintiffs state that Facebook failed to address known risks related to access tokens, which are “key cards” that allow users to access their account information. Second, the motion states that after the attack was visible, Facebook did not escalate the suspicious activity to security personnel.
“Facebook adamantly denies any negligence or fault in either respect, and strongly maintains that the breach was a result of an unknown and unforeseeable vulnerability and that the company responded quickly to the attack,” the motion states.
The motion also states that on Feb. 7, 2019, numerous plaintiffs including lead plaintiff Stephen Adkins, filed a consolidated amended complaint against Facebook. The complaint alleged numerous violations such as breach of express contract, implied covenant of good faith and fair dealing, and violation of California’s Unfair Competition Law and California Consumer Legal Remedies Act.
In December 2019, the plaintiffs in this action won Class certification for injunctive relief against the social networking company.
The motion states that one of the plaintiff’s primary goals was to make sure Facebook improved security practices in response to the attack and in order to prevent future breaches from happening.
The motion for preliminary approval of the settlement states that Facebook will certify the vulnerability that was exploited in the data breach was eliminated. In addition, the motion states that Facebook must adopt a detailed set of security commitments, which is laid out in the settlement agreement.
These security measures will be assessed annually by a third party vendor for five years, according to the motion for preliminary approval of the settlement.
In addition, Facebook has agreed to pay a service award to Adkins, which the Class Counsel has recommended to be $5,000.
“Here, the Settlement merits approval because Facebook has agreed to meaningful injunctive relief, including a broad range of sophisticated and detailed measures designed to prevent and detect security issues relating to access tokens, and regular assessments of compliance by an independent third party for five years,” the motion states.
The settlement Class is “All current Facebook users residing in the United States whose personal information was compromised in the data breach announced by Facebook on September 28, 2018.”
Was your personal information breached during this attack on Facebook? Leave a message in the comments section below.
The plaintiffs are represented by Andrew Friedman of Cohen Milstein Sellers & Toll PLLC, John Yanchunis of Morgan & Morgan Complex Litigation Group and Ariana Tadler of Tadler Law LLP.
The Facebook Data Breach Class Action Lawsuit is Stephen Adkins v. Facebook Inc., Case No. 3:18-cv-05982, in the U.S. District Court for the Northern District of California.
ATTORNEY ADVERTISING
Top Class Actions is a Proud Member of the American Bar Association
LEGAL INFORMATION IS NOT LEGAL ADVICE
Top Class Actions Legal Statement
©2008 – 2025 Top Class Actions® LLC
Various Trademarks held by their respective owners
This website is not intended for viewing or usage by European Union citizens.
NEC lawsuit: Families take action against Enfamil and Similac baby formula makers
September 10, 2025 | Legal News
174 thoughts onFacebook Users Reach Data Breach Class Action Settlement
I have been hacked. I have verified myself and correct contact info atleast ten times in the last month. I have My business EIN tied up through market place. No actual help or reply from facebook. I hate knowing that someone is existing as me for close to two months and fb customer service is not concerned at all. This can’t be it. I need help… bad.
I have been hacked as well and I have proven my identity and I still am left in the dark. I wish I could find some sort of legal assistance to bring this to an end. I took screen shots of the messages that Facebook sent me and I took screen shots of the information I sent them. Still nothing. The hack has spread all the way to me having to get a police report. This has to stop.
My account was breached and I can’t log back in to my personal or business page
How do I know if I was breached?
My facebook account was hacked this morning. I tried all their proposed solutions but was put into a hamster wheel that went no where.
I belong to several illness support groups meaning my phi is out there and facebook is not protecting my HIPAA information. There has to be legal recourse
I have been breached please add me
My Facebook account has also been hacked in April 2019, and I cannot access the account to undo the changes that were made by the hacker. Facebook has repeatedly denied to do anything following multiple attempts by friends and family to report this problem, and they are incredibly difficult to contact. Please add me to this class action lawsuit.
My facebook account was hacked several times and I was told to change my password. Please add my name to the class action account. Thank you so much.