In June 2012, the popular social networking website LinkedIn was hacked resulting in approximately 6.4 million passwords stolen from the website. Within hours of the incident, the passwords were posted on the internet and were used to direct traffic to fraudulent websites. The massive security breach also resulted in a class action lawsuit against “the world’s largest professional network” in the Northern District of California. The plaintiff class alleged that LinkedIn failed to adequately and properly secure the personal information stored on its website. This is the classic example of cyber-liability exposure.
Fortunately for LinkedIn, a judge recently dismissed the lawsuit. The court held that the plaintiff class lacked standing to pursue their claims. In particular, the plaintiffs failed to establish a “concrete and particularized” injury as a result of the security breach. The fact that passwords were posted online was insufficient to establish the necessary injury. As a result, the class action lawsuit was dismissed early in the litigation process.
While LinkedIn obtained a favorable result, the lawsuit also serves as a reminder for the operator of any website that stores sensitive, personal, or password-protected information. As you read this, hackers are continually attempting to gain access to electronically stored information and, if successful, the operator of the website may be exposed to liability for failing to properly secure the information. This is a developing area of the law, but needless to say lawsuits will likely follow a security breach. Operators of websites should not only ensure they have proper security measures in place, but, if possible, obtain cyber insurance that adequately protects from this type of risk.