The lawsuit, which was brought in federal court in San Jose, California, on June 15 and seeks class-action status, was filed less than two weeks after the stolen passwords turned up on websites frequented by computer hackers, Reuters reported.
The attack on Mountain View, California-based LinkedIn, an employment and professional networking site with more than 160 million members, was the latest massive corporate data breach to have attracted the attention of class-action lawyers.
A federal judicial panel last week consolidated nine proposed class-action lawsuits in Nevada federal court against online shoe retailer Zappos, a unit of Amazon.com, over its January disclosure that hackers had siphoned information affecting 24 million customers.
The LinkedIn lawsuit was filed by Katie Szpyrka, a user of the website from Illinois. In court papers, her Chicago-based law firm, Edelson McGuire, said LinkedIn had “deceived customers” by having a security policy “in clear contradiction of accepted industry standards for database security.”
LinkedIn spokeswoman Erin O’Harra said the lawsuit was without merit and was driven “by lawyers looking to take advantage of the situation.”
“No member account has been breached as a result of the incident, and we have no reason to believe that any LinkedIn member has been injured,” O’Harra said on Wednesday.
“In consumer security class actions, the demonstration of harm is very challenging,” said Ira Rothken, a San Francisco-based lawyer at the Rothken Law Firm, which handles similar cases for plaintiffs.
If it turns out that the LinkedIn breach was limited to customer passwords and not corresponding email addresses, it will be that much harder for plaintiffs to prove they were harmed by the hack, Rothken said.