Federal Court Finds Plaintiff States Valid Claims Against Ex-Employer That Hacked LinkedIn Account, but Fails to Award Damages

The Eastern District of Pennsylvania recently ruled that an employee properly pled several state law causes of action against her previous employer, Edcomm, an employer she alleged hacked into her LinkedIn account. We reported on this case previously, when the court rejected plaintiff’s Computer Fraud and Abuse Act and Lanham Act claims. With respect to the remaining state law claims, while the court found that they were properly pled, it ruled that the plaintiff could not succeed because she could not prove damages. Plaintiff was the president of the defendant company, Edcomm, Inc., which provides financial training services. Plaintiff maintained an account on LinkedIn to promote both Edcomm—her former employer—and herself. Edcomm allegedly encouraged employees to establish LinkedIn accounts. When employees, including plaintiff, left the company, Edcomm requested for their log-in information. After gaining access, Edcomm subsequently locked the plaintiff out of her account. When LinkedIn users looked up plaintiff’s name, they would find a page largely devoted to plaintiff’s replacement at the company. Plaintiff’s claims for unauthorized use of name, invasion of privacy by misappropriation of identity, and misappropriation of identity were “successfully proven” by plaintiff, according to the court; but plaintiff did not “put forth any legally sufficient evidence of… damages.” Plaintiff attempted to show that she generated revenue through her LinkedIn use; but the court found this speculative. Instead of retaining an expert, the plaintiff—acting pro se in this case—presented only the testimony of the company’s co-founder. Punitive damages were inappropriate, said the court, because plaintiff could not demonstrate that Edcomm was acting to harm the plaintiff, instead of acting to protect what was potentially the company’s property. In addition to the counts that plaintiff could prove, the court found that plaintiff could not properly prove all of the elements of identity theft, conversion, tortuous interference with contract, civil conspiracy, and civil aiding and abetting.  

TIP: Notwithstanding the outcome of this particular case, companies should still be careful if considering accessing and manipulating former employees’ social media accounts. Even though this plaintiff did not win damages, future plaintiffs might be emboldened by the “victory” that the plaintiff stated appropriate causes of action.   

This tip has been created for information and planning purposes. They are not intended to be, nor should they be substituted for, legal advice, which turns on specific facts.