A California federal judge has refused to throw out a putative class action over LinkedIn Corp.’s 2012 security breach that resulted in 6.5 million hacked passwords, finding that the plaintiff had adequately stated a claim under a state false labeling law.
After Judge Davila dismissed lead plaintiff’s first amended complaint in March 2013 for failure to state any economic harm, the lead plaintiff filed a second amended complaint and added the allegation that LinkedIn failed to provide industry-standard security as it had represented, which Wright claims enticed her and other customers to purchase premium accounts, the order said. Wright alleges she would not have purchased a premium account if not for LinkedIn’s misrepresentations about the level of security..
In refusing to dismiss the suit, the court ruled that the lead plaintiff met the standing requirements to bring claims under California’s Unfair Competition Law. In 2011, the California Supreme Court ruled that a consumer who relies on a product label and challenges a misrepresentation contained in the label satisfies the standing requirements of the law by alleging that he or she would not have bought the product but for the misrepresentation.
However, Judge Davila said that Wright has alleged facts sufficient for standing.
“Applying one set of standing requirements to labeling/advertising and another set of standing requirements to other types of misrepresentations, as LinkedIn advocates, would be untenable given the lack of distinction California law places between misleading advertising and other forms of misleading statements,” the order said.
After the ruling on the motion to dismiss, the case was transferred to private alternative dispute resolution, which may mean that the case has been referred to mediation.
The case is In re: LinkedIn User Privacy Litigation, case number 5:12-cv-03088, in the U.S. District Court for the Northern District of California.