Data Breach Lawsuit Against LinkedIn is Dismissed for Lack of Standing

By Eric A. Packel, Esq. Marshall Dennehey Warner Coleman & Goggin, P.C. 

re LinkedIn User Privacy Litig., 2013 U.S. Dist. Lexis 31131 (N.D. Cal., 3/6/13)

After a hacker obtained 6.5 million passwords and email addresses from LinkedIn (the professional networking site), two of its users brought a putative class action claiming that LinkedIn had misrepresented its level of security. However, the plaintiffs ran into a threshold problem seen in many data breach cases: Article III standing.

Among the requirements for standing in any case brought in federal court is that the plaintiff must allege an injury in fact that is concrete and particularized, as well as actual and imminent. Without standing, there is no case in controversy, and the court lacks subject matter jurisdiction.

In the LinkedIn matter, the plaintiffs argued they had standing to sue under an economic harm theory. The plaintiffs claimed they paid to be “premium” LinkedIn users (as opposed to the free account) and did not receive the benefit of the bargain since LinkedIn failed to protect its information.

In dismissing the complaint for lack of standing, the court noted that LinkedIn did not have a different privacy policy or user agreement for premium members. In other words, any promises made by LinkedIn as to privacy were the same for both basic users and premium users. Thus, although paying for premium membership may have provided for advanced capabilities on the LinkedIn site, a user did not pay for any particular level of security.

Further, the fact that one of the plaintiffs’ passwords was posted on the Internet did not amount to a legally cognizable injury. In other words, there were no allegations of actual identity theft or fraudulent use of the information. Accordingly, the court held that the plaintiffs failed to meet the requirements of Article III standing.

Of course, the plaintiffs will continue to push for class action status in the wake of mass data breaches that expose personal information. However, without actual harm, the mere exposure of personal information is generally not enough, and such cases are subject to dismissal for lack of standing.


For additional information, contact Eric at or (215) 575-4554   

Print Article

Add a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.