An Illinois woman has filed a $5 million lawsuit in California against LinkedIn Corp, saying the social network violated promises to consumers by not having better security in place when more than 6 million customer passwords were stolen.
The lawsuit, which was brought in federal court in San Jose, California, on June 15 and seeks class-action status, was filed less than two weeks after the stolen passwords turned up on websites frequented by computer hackers.
The attack on Mountain View, California-based LinkedIn, an employment and professional networking site with more than 160 million members, was the latest massive corporate data breach to have attracted the attention of class-action lawyers.
The LinkedIn lawsuit was filed by Katie Szpyrka, a user of the website from Illinois. In court papers, her Chicago-based law firm, Edelson McGuire, said LinkedIn had "deceived customers" by having a security policy "in clear contradiction of accepted industry standards for database security."
LinkedIn spokeswoman Erin O'Harra said the lawsuit was without merit and was driven "by lawyers looking to take advantage of the situation."
"No member account has been breached as a result of the incident, and we have no reason to believe that any LinkedIn member has been injured," O'Harra said on Wednesday.
Legal experts say that meaty settlements in online customer data theft cases will likely be difficult to obtain because plaintiffs will have to show that they were actually harmed by a breach.
If it turns out that the LinkedIn breach was limited to customer passwords and not corresponding email addresses, it will be that much harder for plaintiffs to prove they were harmed by the hack.