Skip to main content

LinkedIn Password Theft Results in Class Action Lawsuit

Written by Kevin McGinty

Nearly as predictable as the sun coming up in the morning, the recent theft of 6.5 million LinkedIn user passwords has resulted in the filing of a class action lawsuit in a California federal court.  In her complaint, a LinkedIn premium subscriber asserts claims on behalf of all LinkedIn users for breach of implied and express contractual obligations, negligence and violation of California’s Unfair Competition Law, Cal. Bus. & Prof. Code § 17200.

Although the attack affected the passwords of just over 5% of LinkedIn’s approximately 120 million users, plaintiff purports to assert claims on behalf of all LinkedIn users.  Although plaintiff alleges classwide damages in excess of $5,000,000 (the jurisdictional threshold for federal court jurisdiction over the state law claims advanced in the complaint) it is unclear what damages plaintiff alleges that the class actually sustained by reason of merely losing passwords.  Some commentators have hypothesized that the propensity to use a single password for multiple online accounts could result in losses where non-LinkedIn accounts are accessed using an individual’s LinkedIn password.   Proving that such losses have occurred, however, would require highly individualized showings that would likely preclude adjudicating plaintiff’s claims as a class action.  Even less clear is what conceivable damages were allegedly sustained by LinkedIn users whose passwords were not stolen.  Thus, as with most privacy class actions, damages issues appear to pose the greatest obstacle to the success of the claims against LinkedIn.

Subscribe To Viewpoints

Author

Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.