LinkedIn Data Breach Proposed Settlement Receives Preliminary Approval

A proposed settlement agreement stemming from a 2012 data breach of over 6 million LinkedIn users’ passwords recently received preliminary approval. The settlement would conclude a class action brought against LinkedIn alleging that it violated California consumer protection statutes and breached its contract with class action members by failing to use “industry standard protocols and technologies” to protect user information as promised in LinkedIn’s privacy policy.

The proposed settlement provides for monetary relief to class members, as well as a prospective obligation for LinkedIn to employ salting and hashing, or an equivalent or greater form of protection for LinkedIn user passwords for at least five years following the settlement date. A fairness hearing is scheduled for June 18, 2015, to determine whether the settlement will receive formal approval and whether attorneys’ fees will be awarded.

TIP: This settlement is a reminder that after a breach, the class action bar will look at a company’s security measures to determine if the company had appropriate provisions in place to protect consumer information. Companies should ensure that they have reviewed and analyzed their security measures, and have looked at their risks for potential suits alleging violations of consumers’ privacy rights.