in Newswire Published on October 8, 2018

Hours After Shutdown Announcement, Google, Alphabet Hit with Class Action Lawsuit Over Years-Long Google+ Data Breach [UPDATE]

by Corrado Rizzi

Last Updated on August 10, 2020

View Comments

Matic et al. v. Google, Inc. et al.

Filed: October 8, 2018 § 5:18-cv-06164

Read Complaint

Google and parent co. Alphabet have been named in a class action centered on a data breach that exposed the information of up to 500k Google+ users between 2015 and March 2018.

Defendant(s)

Google Alphabet, Inc.

Law(s)

State(s)

California

Categories

Technology Privacy Data Breach

Case Updates

August 5, 2020 – How Do I File a Claim? Google+ Data Breach Settlement Website Is Live

Have you received an email from “google-noreply@google.com” with the subject line “Notice of Class Action Settlement re Google Plus  - Your Rights May Be Affected”? If you did, you may be eligible for a piece of the $7.5 million Google+ data breach settlement.

For information on how to file a claim for your piece of the settlement, check out ClassAction.org’s write-up of the deal here

You can also visit the settlement site directly at https://www.googleplusdatalitigation.com/.

Update – Google Agrees to $7.5 Million Settlement

Google has agreed to pay $7.5 million to settle the allegations detailed on this page. Notice of the settlement agreement between the plaintiffs and Google was submitted to the court on January 6, 2020.

The proposed deal, which awaits a judge’s preliminary approval, looks to cover everyone in the United States who had a Google+ account for any period of time between January 1, 2015 and April 2, 2019 and had their non-public information exposed as a result of the software bugs announced by Google on October 8 and December 10, 2018. A hearing for preliminary settlement approval is tentatively scheduled for May 21, 2020.

The document outlining the proposed settlement can be found here.

While the final nails are driven into the coffin of Google+, Google, Inc. and parent company Alphabet, Inc. must now contend with a proposed class action lawsuit centered on a data breach the suit alleges exposed the information of up to 500,000 platform users between sometime in 2015 and March 2018. Despite the multi-year window in which Google+ users’ information was supposedly left out in the open, Google only disclosed the vulnerability on October 8—at the same time it announced that the failed social network will be shut down for good.

Considered by many as one of Google’s biggest failures, Google+ was set up to be an “answer and rival” to Facebook, the suit begins. According to the lawsuit, Google+ users’ information was exposed for so long due to a software glitch that allowed third-party app developers access to private profile data. Below is an illustration included in the complaint that depicts how such a glitch could expose Google+ users’ data:

It should have never gotten this far, the suit argues, as Google has always represented to users that it will only share personal information outside the company with explicit consent. Even worse, according to the case, is that Google “made a calculated decision” to say nothing about the years-old security vulnerability for months, as the glitch was supposedly uncovered back in March 2018.

All told, the lawsuit says, the number of Google+ users who Google claims had their information compromised may be much higher than the company has stated publicly. From the complaint:

“[The defendants] have advised that at least 438 third party applications may have used this API and been allowed unauthorized access to Google+ users’ data for nearly 3 years. 
Because the API logs are designed to keep historical data for only 2 weeks, [the defendants] are unable to tell exactly how many users may have had their information compromised during this 3 year period.
Although [the defendants] have reported that only up to 500,000 users were affected, the reality is that this number is what was determined only for the two week period prior to the discovery of the security vulnerability in March 2018. Thus, given that the data leak occurred for nearly 3 years, the number of compromised users is expected to be much higher.”

Of Google’s alleged business decision to keep a lid on the data breach for months, the lawsuit charges the company remained quiet not because of potential repercussions from users, but as a means to sidestep any “regulatory interest,” which has remained at a fever pitch in the wake of the Facebook/Cambridge Analytica scandal.

“In every turn, [Google and Alphabet] put their own business interests ahead of the privacy interests of Google+ users causing harm to [the plaintiffs] and Class members,” the suit reads.

The lawsuit looks to cover a proposed class of all consumers in the United States who registered for Google+ accounts and whose information was “accessed, compromised or obtained” from Google by third-party applications without authorization. The case further asks to cover a proposed class of California residents who fit the same criteria.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on August 10, 2020 — 12:15 PM

Corrado Rizzi

corrado@classaction.org

Corrado Rizzi is the Senior Managing Editor of ClassAction.org.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.