Facebook reached a settlement Friday in a class action lawsuit arising from a data breach in September 2018 affecting an estimated 29 million people.
The lawsuit consolidated more than a dozen actions into a class action suit. The goal of the action was to compel Facebook to improve its security practices and ensure regular assessment of Facebook’s practices by a third party. The settlement agreement meets these goals. Facebook agreed to make concrete improvements to its security practices and to undergo an annual independent assessment to ensure compliance with improved security practices. “This relief will help to protect not only the four million U.S. class members implicated in this suit but most of Facebook’s estimated 2.38 billion users,” said the settlement documents.
The data breach giving rise to this suit occurred on September 28, 2018, in which an attacker gained access to “digital credentials” that allowed the attacker to access users’ information, including names, birth dates, current cities, hometowns and more. The complaint alleged that Facebook failed to address known risks related to the digital credentials and that Facebook did not escalate the suspicious activity to security personnel after the attack was known. While Facebook continues to deny these allegations, stating that the risks were unknown and unforeseeable, the parties’ settlement looks to be the best solution for both parties.
The plaintiff is now asking the US District Court for the Northern District of California to approve the preliminary class action settlement terms.