Failure to Encrypt Passwords Leads to Class Action Lawsuit
On December 28, 2009, RockYou, Inc., a developer of applications for Facebook and other social networks, was sued in the U.S. District Court for the Northern District of California. The class action complaint alleges failure to encrypt users’ e-mail addresses and passwords and was filed shortly after a hacker copied that information for 32 million RockYou users.
RockYou’s potential exposure is huge. Among the various causes of action are:
- Breach of contract
- Negligence
- Violation of California’s Unfair Competition Law (Business & Professions Code Section 17200)
- Violation of California’s Computer Crime Law (Penal Code Section 502)
- Violation of California’s Security Breach Information Act (Civil Code Sections 1798..80-1798.84)
- Violation of California’s Consumer Legal Remedies Act (Civil Code Sections 1750-1784)
The lesson for any company that stores users’ personally identifiable information: Make sure that information is encrypted!
Dana H. Shultz, Attorney at Law +1 510-547-0545 dana [at] danashultz [dot] com
This blog does not provide legal advice and does not create an attorney-client relationship. If you need legal advice, please contact a lawyer directly.