sued for Google data breach and alleged sexual misconduct


Google are up against a “credible basis” for suspicious mismanagement at Google parent firm, Alphabet, following a lawsuit filed in Delaware last week.

Investigations into Alphabet have reached Chancery Court in the eastern US state of Delaware, regarding official documents linked to the way the firm dealt with allegations of sexual misconduct that were made against some of Google’s C-suite members.

The probe also relates to a data breach on the discontinued platform, Google+, which allegedly compromised the personal details of around 500,000 users last year, The Recorder reports.

The complaint made last week, said:

“By demonstrating that Alphabet/Google has a history of ignoring and/or covering up complaints of sexual harassment and discrimination by senior company executives, and that the company and very senior executives made false and misleading statements and/or statements omitting material facts that conceded the company’s knowledge of the Google+ security breach, plaintiff has demonstrated a credible basis from which it may be reasonably inferred that mismanagement may have occurred.”

In an initial court filing, now redacted, Alphabet investor, Roger Morrell stated that he had delivered a demand letter to the firm’s management tier in November 2018, to ask for documents and board minutes dating back six years.

Mr Morrell claimed that the details were required in order to appraise the management board’s response to accusations of sexual misconduct of some of Googles highest former executives, and to learn more about the data breach incident the hit Google+.

The initial demand was rejected, Morrell said, but Google offered to send required documents if a nondisclosure agreement was signed. In the event, Google submitted 589 pages of mostly redacted material, but few of the documents included any of the details originally requested by Morrell.

The search engine’s media department is yet to give comment on the issue.

Also at the centre of the case was Google’s alleged delayed response to a malfunction in the Google+ platform, the firm’s social media forum, which enabled external developers to get inside account holder’s profile data.

A report in October stated that Google were aware of the glitch as early as March 2018, and that they had known third-parties had been able to access full names, email addresses, dates of birth, genders and photos of Google+ users.

However, the decision had been taken to keep the intrusion quiet because, against the backdrop of the Facebook / Cambridge Analytica controversy, admitting a data breach might have sparked undesirable regulator scrutiny.

Upon publication of a Wall Street Journal report, Google announced that it would discontinue Google+ for consumers, stating that no evidence for data misuse had been found.

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.