A federal court judge allowed a class action lawsuit against professional networking website LinkedIn to proceed, on the plaintiffs’ third attempt to establish claims that a hacker attack in 2012 that resulted in the theft of 6.5 million passwords harmed them.
Following the cyber attack, LinkedIn upgraded its password encryption procedures and alerted all members to the new, more secure system.
LinkedIn has two tiers of memberships, free and paid. The lead plaintiff, Khalilah Wright, who purchased a subscription, argued that “had LinkedIn disclosed its lax security practices, she would have viewed the premium subscription as less valuable and would either have attempted to purchase a premium subscription at a lower price or not at all.”
The plaintiff attempted to find standing for the claims of harm under both California’s Unfair Competition Law (UCL) and Article III of the Constitution, arguing that she had been injured by not receiving the benefit of her LinkedIn agreement and that she faced a higher risk of harm in the future because of the hacking incident. The United States District Court for Northern California rejected both of those claims, and the plaintiff shifted to a claim based on LinkedIn’s alleged misrepresentation. She relied on cases where courts found standing for claims for plaintiffs who bought “deceptively labeled or advertised products in reliance on the misinformation contained in the labels or advertisements.”
LinkedIn cited cases in which courts have required plaintiffs to prove they have done “something more” than “overpaying for a defective product.” The court disagreed, finding that the plaintiff had a reasonable claim in stating that she had paid for something she would not otherwise have bought.