Facebook is still legally on the hook for a September data breach that affected 30 million of their customers. Hackers were reportedly able to exploit several software failings in order to obtain login access to consumer accounts. Facebook had moved to have the case dismissed — but a federal appeals judge has shot down that argument, saying the case against Facebook for negligence and for failing to secure users’ data will proceed.
Discovery should move “with alacrity” for a trial, U.S. District Judge William Alsup said in his ruling. The judge did, however dismiss breach-of-contract and breach-of-confidence claims. Plaintiffs have until the 8th of July to amend their case.
“From a policy standpoint, to hold that Facebook has no duty of care here ‘would create perverse incentives for businesses who profit off the use of consumers’ personal data to turn a blind eye and ignore known security risks,”’ Judge Alsup said, citing a decision in a separate case.
Facebook has argued it is really the victim as the target of highly-sophisticated hack attacks — and that it ought not be liable for thieves gaining access to user names and contact information. Facebook also argued that while logins were compromised, data of real value like card numbers remained protected and unharmed.
Plaintiffs’ lawyers accused Facebook of a “cynical” argument and of having “abdicated all accountability” while “seeking to avoid all liability” for the data breach. The case was filed in San Francisco federal court as a class action.
This is not Facebook’s only case on the docket, either — the firm is currently facing a few lawsuits, not to mention regulatory probes of its business practices, after a 2018 scandal that revealed tens of millions of users’ worth of data had been shared with political consultancy Cambridge Analytica.
The case is Echavarria v. Facebook Inc., 3:18-cv-05982 , U.S. District Court, Northern District of California (San Francisco).