Katie Szpyrka of Illinois filed a lawsuit in the U.S. District Court in Northern California against the professional networking website LinkedIn. She has sued the company for a security breach after the company announced that hackers had stolen 6.5 million user passwords. She is seeking class-action status for the lawsuit.
The hackers published the passwords on a Russian hacking website. LinkedIn stresses that only the passwords were published. According to LinkedIn, the passwords were not connected to any information that would connect the password to the user’s login information.
LinkedIn Failed to Safeguard Users’ Personal Data
The suit alleges that LinkedIn used outdated technology to protect its users’ information. According to the lawsuit, LinkedIn passwords were protected by “hashes” but were not “salted” to add an additional layer of protection. Salting greatly increases the difficulty for hackers who attempt to decipher encrypted passwords.
Hashing refers to an algorithm a site uses to encode password data. Even if the data is stolen, the hackers must decode the information before it will be useful. Salting refers to adding a series of numbers to each hashed value. As standard industry practice, companies combine hashing with salting to enhance the security of the encrypted data.
After LinkedIn learned about the security breach on June 6, the company immediately reset the passwords for the users who were affected by the breach. According to the LinkedIn blog, the company is working closely with the FBI to track down the perpetrators.
Erin O’Harra, a spokesman for LinkedIn, says that Szpyrka’s claim is without merit. She is claiming that the lawsuit is an attempt to make money from a third party’s criminal action. She insists that no LinkedIn users had been injured due to the breach. O’Harra stressed that the company will vigorously defend itself from the lawsuit.
According to a study by the Ponemon Institute, the average breach costs a company around $5.5 million dollars. This study was sponsored by Symantec, a computer security firm.
Internet Security Lawsuits on the Rise
There have been other similar lawsuits filed against Internet companies seeking damages due to leaked customer data. Unfortunately for plaintiffs of these suits, it is exceedingly difficult to prove that they have been injured due to the breach. If they cannot show that they have actually suffered harm, they will be unable to collect damages.
Theresa Stevens of Beaumont, Texas seeks to represent the 24 million Zappos.com customers whose personal information was compromised due to a security breach. Zappos.com is an online shoe retailer, owned by Amazon.com. Stevens claims that, due to the security breach, customers are subject to receive “phishing” emails that trick people into submitting personal data to criminals. In her lawsuit, she wants Amazon.com to pay for credit monitoring and identity theft insurance to protect customers from becoming targets of identity theft. She is also suing for loss of privacy and emotional distress.
About the Author: Jonathan Peterson is a freelance tech blogger when he isn’t writing on behalf of Insurance Swami, a site that helps you find affordable car insurance.