Wendy Davis reports that LinkedIn is second dismissal of Khalilah Wright’s second amended complaint stemming from a breach affecting over 6 million users.
LinkedIn says that the consumer, Virginia resident Khalilah Wright, still hasn’t set out sufficient allegations to proceed with their lawsuit, which alleges that the company didn’t use basic encryption techniques to secure personally identifiable information.
A previous version of Wright’s lawsuit was dismissed in March, but the dismissal was without prejudice — which enabled Wright to amend her claims and try again.
Read more on MediaPost.
And try again she did. In her second amended complaint, she attached a declaration from Dr. Serge Egelman, who claims that his review of the available literature, LinkedIn’s security practices, and two surveys he conducted in April 2013 suggests that
when consumers pay for a ‘premium” social networking service, they expect their information to be protected with a heightened level of security, and that, at a bare minimum, industry-standard security protocols will be used to guard their information.
and
My research also showed that LinkedIn’s security practices fell far below industry standards, and that had LinkedIn disclosed its true security practices, its current and potential Premium Subscribers would have learned of those disclosures and factored them into their purchasing decisions
I’ve uploaded a copy of his declaration here, and have emailed Dr. Egelman to request a formal write-up of his sampling methods and survey questions.
In response, LinkedIn challenges plaintiff’s Article III standing and argues that even if she does have standing, she fails to state a claim upon which relief can be granted. Overpaying for a service with substandard security is not a claim for which relief can be granted? I’ll have to wade through more of their filings to understand that, I guess.