#Privacy: Judge blocks Facebook data breach victims from suing for damages

U.S District Judge William Alsup has told Facebook data breach victims that they cannot sue as a group for damages. 

On September 28, 2018, hackers had exploited software flaws, allowing them to access 50 million users’ accounts. It was discovered that 29 million users had their personal information such as email addresses, phone numbers, religion, gender and search histories stolen.

These 29 million Facebook users have been told that they cannot sue as a group for damages, but rather seek better security practices.

In San Francisco, Alsup determined that neither credit monitoring nor the reduced value of stolen personal information constitute “cognizable injury” which usually warrants a class action for damages. 

Alsup added that damages for time users spent to mitigate harm did not require a single class-wide assessment but instead individualised determinations. 

The victims are allowed to sue Facebook as a group to require them to employ automated security monitoring, educate people about hacking threats and improve employee training. 

Facebook responded stating that these requirements were unnecessary considering that it had fixed the bug since the breach, however these claims were rejected. 

“Facebook’s repetitive losses of users’ privacy supplies a long-term need for supervision,” wrote Alsup. 

If a damages class action was allowed, Facebook would have been exposed to a higher payout. 


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/