U.S District Judge William Alsup has told Facebook data breach victims that they cannot sue as a group for damages.
On September 28, 2018, hackers had exploited software flaws, allowing them to access 50 million users’ accounts. It was discovered that 29 million users had their personal information such as email addresses, phone numbers, religion, gender and search histories stolen.
These 29 million Facebook users have been told that they cannot sue as a group for damages, but rather seek better security practices.
In San Francisco, Alsup determined that neither credit monitoring nor the reduced value of stolen personal information constitute “cognizable injury” which usually warrants a class action for damages.
Alsup added that damages for time users spent to mitigate harm did not require a single class-wide assessment but instead individualised determinations.
The victims are allowed to sue Facebook as a group to require them to employ automated security monitoring, educate people about hacking threats and improve employee training.
Facebook responded stating that these requirements were unnecessary considering that it had fixed the bug since the breach, however these claims were rejected.
“Facebook’s repetitive losses of users’ privacy supplies a long-term need for supervision,” wrote Alsup.
If a damages class action was allowed, Facebook would have been exposed to a higher payout.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.