LinkedIn Settles Data Breach Lawsuit
Agrees to Payment to Settle Class ActionLinkedIn has agreed to settle a consolidated class action lawsuit stemming from a June 2012 data breach that compromised 6.5 million hashed passwords (see: LinkedIn: Hashed Passwords Breached).
See Also: Effective Communication Is Key to Successful Cybersecurity
The settlement still has to win court approval before it becomes final.
The social network has agreed to pay a total of $1.25 million to breach victims in the U.S. who paid a fee to LinkedIn for a premium subscription between March 15, 2006, and June 7, 2012, according to the settlement. Each individual will receive a share of up to $50. "That amount is at least equal to, and likely surpasses, the amount that the individual LinkedIn subscribers could expect to receive at trial," according to the settlement, which was submitted in the U.S. District Court for the Northern District of California on Aug. 15 for preliminary approval.
The settlement also requires LinkedIn to implement data security protocols utilizing the industry standard encryption methods of salting and hashing for at least five years.
"LinkedIn has agreed to this settlement to avoid the distraction and expense of ongoing litigation," the social network says in a statement provided to Information Security Media Group.
If any settlement funds remain after class members receive their claims, the money will be divided among the Center for Democracy & Technology; World Privacy Forum; and Carnegie Mellon CyLab Usable Privacy and Security Laboratory.
The original lawsuit, filed in June 2012, claimed LinkedIn failed to adequately encrypt passwords and other personally identifiable information (see: Member Sues LinkedIn for $5 Million over Hack). Several other subsequent lawsuits were eventually consolidated.