Social Networking Developer Faces Class Action Related to Online Security Breach
A recently filed putative class action complaint claims that RockYou, Inc. (“RockYou”), a developer of social network applications, has put its 32 million users at risk of identity theft. The complaint, Claridge v. RockYou, Inc., No. 09-cv-6032 (ND Cal. Dec. 28, 2009), alleges that the company improperly stored its customers’ sensitive personal data in an unencrypted, easily-hacked database. The complaint further asserts that this database has been hacked; that hackers have taken the user names and passwords of roughly 32 million RockYou users; that RockYou did not properly secure its database until days after an Internet security firm first notified the company that its system had been breached; and that RockYou failed to promptly notify its users of the problem. RockYou has acknowledged the security breach, and has vowed to rectify it.
The security breach allegedly took place sometime shortly before December 4, 2009, and allowed hackers easy access to customers’ email addresses, RockYou user names, and RockYou passwords. Because many customers use identical user names and passwords for a number of accounts, the breach may have left users vulnerable to attacks on their email accounts, online bank accounts, and other sensitive information stores, the complaint alleges. RockYou did not notify its customers of the security breach until December 15 and 16, 2009.
The complaint alleges that RockYou’s actions violate industry security standards; the company’s own Terms of Use agreement; and California unfair competition, computer crime, and other state laws. Plaintiff Alan Claridge seeks damages on behalf of himself and the class, as well as a permanent injunction restraining RockYou from storing its customer data in unencrypted databases that do not comport with industry security standards. The case has been assigned to Judge Vaughn R. Walker of the US District Court for the Northern District of California, and the initial case management conference has been set for May 6, 2010.
Companies that maintain consumers’ personal data must take careful steps to protect that information. It is prudent to seek legal advice both when taking steps to prevent data security breaches and when dealing with the aftermath of such an event. To learn more about Arent Fox’s services in this area, please contact:
Anthony V. Lupo
lupo.anthony@arentfox.com
202.857.6353
Matthew R. Mills
mills.matthew@arentfox.com
202.715.8582
Grace L. Applefeld
applefeld.grace@arentfox.com
202.857.6498


