Facebook Lawsuit After Hack Must Not Include Damages – US Judge

A US federal judge has ruled that Facebook should not face financial damages in a lawsuit when hackers stolen user data last year.

Facebook was slapped with the lawsuit in August this year, after a breach in September 2018, when hackers were able to steal data from the Facebook accounts of 29 million people.

Facebook initially thought that the hackers had accessed 50 million accounts, but after an investigation the company revised this figure down to 29 million accounts.

Financial damages

The hackers were able to access a range of data depending on what people had on their profiles.

The stolen data included names, contact details (phone number, email etc); and in some cases username; gender; locale/language; relationship status; religion; hometown; self-reported current city; birthdate; device types used to access Facebook; education; work; the last 10 places they checked into or were tagged in; website, people or Pages they follow; and the 15 most recent searches.

The lawsuit had been filed in the US District Court for the Northern District of California in San Francisco.

But now Reuters reported that US District Judge William Alsup in San Francisco on Tuesday night ruled that neither credit monitoring costs nor the reduced value of stolen personal information was a “cognizable injury” that supported a class action for damages.

Judge Alsup also said damages for time users spent to mitigate harm required individualized determinations rather than a single classwide assessment.

However he did permit affected users to sue as a group to require Facebook to employ automated security monitoring, improve employee training, and educate people better about hacking threats.

Judge Alsup also reportedly rejected Facebook’s claim that these were unnecessary because it had fixed the bug that caused the breach.

“Facebook’s repetitive losses of users’ privacy supplies a long-term need for supervision,” at least at this stage of the litigation, Alsup wrote.

Allowing a damages class action could have exposed Facebook to a higher total payout.

Lawyers for the Facebook users, as well as Facebook itself, did not respond to Reuters request for comment.

GDPR fine?

It is not clear how many of those hacked are in Europe, but the data breach does raise the nightmare possibility for Facebook’s management of a General Data Protection Regulation (GDPR) fine in Europe.

The Irish Data Protection Commission, which is acting as the lead investigator on this side of the pond as Facebook has its European headquarters in Ireland, is investigating the breach.

Similar investigations are also reportedly underway in the US states of Connecticut and New York.

In Europe, the hack could result in Facebook being issued with a maximum fine of up to $1.63bn (£1.25bn), which is approximately 4 percent of its annual global revenue.

Quiz: Think you know all about Facebook?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Cryptocurrency Warning From Bank Of England Governor

Blunt message from Bank of England governor Andrew Bailey, warning people only to buy cryptocurrency…

2 days ago

Jeff Bezos Offloads $2 Billion In Amazon Shares

Needs some spending money...Amazon CEO Jeff Bezos has this week sold nearly $2 billion worth…

2 days ago

Twitter Suspends Account Sharing Trump Posts

Shutdown again. An account has been suspended by Twitter for sharing the posts from Donald…

2 days ago

IBM Claims Breakthrough With 2 Nanometer Chip

Research boffins at IBM are touting a major leap forward in performance and energy efficiency…

3 days ago

Twitter Now Prompts Users To Revise ‘Harmful Replies’

Trolls beware. Twitter releases feature that will deliver a 'reconsider prompt' for users, if they…

3 days ago

Old Routers Pose Security Risk, Warns Which?

Elderly routers that can no longer receive firmware updates posed security risk to millions of…

3 days ago