Facebook must face data breach class action on security, but not damages: judge
District Judge William Alsup in San Francisco said neither credit monitoring costs nor the reduced value of stolen personal information was a cognizable injury that supported a class action for damages.
Alsup also said damages for time users spent to mitigate harm required individualized determinations rather than a single classwide assessment.
Users were allowed to sue as a group to require Facebook to employ automated security monitoring, improve employee training, and educate people better about hacking threats.
Facebooks repetitive losses of users privacy supplies a long-term need for supervision, at least at this stage of the litigation, Alsup wrote.
It scaled back the size two weeks later, saying 30 million users had their access tokens stolen, while 29 million had personal information such as gender, religion, email addresses, phone numbers and search histories taken.
Facebook has faced many lawsuits over privacy, including for allowing British political consulting firm Cambridge Analytica access data for an estimated 87 million users.
We use cookies and analyse traffic to this site. By continuing to use this site, closing this banner, or clicking "I Agree", you agree to the use of cookies. Read our privacy poplicy for more information.