An Illinois woman has filed a $US5 million lawsuit against LinkedIn over a recent security breach which saw more than six million customer passwords stolen.
Katie Szpyrka, a user of the business-focused social network, filed the suit in a San Jose federal court on June 15, seeking class-action status against the company. It was filed less than two weeks after the stolen passwords turned up on websites frequented by computer hackers.
The attack on the 160 million member network was the latest massive corporate data breach to have attracted the attention of class-action lawyers.
A federal judicial panel last week consolidated nine proposed class-action lawsuits in a Nevada federal court against online shoe retailer and Amazon subsidiary Zappos, over its January disclosure that hackers had siphoned information affecting 24 million customers.
In court papers, Szpyrka's Chicago-based law firm, Edelson McGuire, said LinkedIn had "deceived customers" by having a security policy "in clear contradiction of accepted industry standards for database security".
A LinkedIn spokeswoman said the lawsuit was without merit and was driven "by lawyers looking to take advantage of the situation".
"No member account has been breached as a result of the incident, and we have no reason to believe that any LinkedIn member has been injured," she said on Wednesday.
Legal experts said that meaty settlements in online customer data theft cases will likely be difficult to obtain because plaintiffs will have to show that they were actually harmed by a breach.
"In consumer security class actions, the demonstration of harm is very challenging," said Ira Rothken, a San Francisco-based lawyer at the Rothken Law Firm, which handles similar cases for plaintiffs.
If it turns out that the LinkedIn breach was limited to customer passwords and not corresponding email addresses, it will be that much harder for plaintiffs to prove they were harmed by the hack, Rothken said.
Edelson, a boutique firm that has long litigated data breach and Internet privacy lawsuits, scored a success in March when it obtained a settlement against social gaming company RockYou over a 2009 data breach.
In that case, a federal judge in Oakland, California, allowed a suit handled by Edelson against RockYou to proceed on breach of contract grounds – allegations Edelson has repeated against LinkedIn.
Under the March 28 settlement, RockYou denied wrongdoing, but agreed to pay Edelson $US290,000 in legal fees.
(Reporting By Basil Katz; Editing by Martha Graybow and Leslie Adler)
