Frank Azar Logo Wide
Frank Azar Logo

800-716-9032 (24/7)

Google (Data Breach)

Overview

On October 8, 2018, Google announced a data breach that impacted users of its Google+ social media network (ā€œGoogle+ Data Breachā€). The personal information of up to 500,000 Google+ users was exposed due to a software glitch that gave third-party application developers access to private Google+ profile data between 2015 and March 2018.

Similar to Facebookā€™s Cambridge Analytica scandal, Google+ usersā€™ personal information was supposed to be protected and shared only with expressed permissions and limitations. However, Google allowed third-party application developers to improperly collect the personal information of Google+ users. Instead of informing the public about the breach and exposure of usersā€™ personal information immediately, Google chose to conceal the breach from the public for approximately 7 months, hoping to avoid the public backlash and Congressional scrutiny surrounding Facebookā€™s widely publicized Cambridge Analytica scandal.

On October 17, 2018, Frank Azar Car & Truck Accident Lawyers filed a class action lawsuit against Google and its parent company, Alphabet Inc., alleging violations of unfair competition laws, violations of the Colorado Security Breach Notification act, negligence, invasion of privacy, deceit by concealment, and a breach of Googleā€™s implied contract with users.

On January 6, 2020, plaintiffs asked Judge Edward J. Davila to approve a proposed settlement in which Google agreed to pay Google+ users $7.5 million to settle their class action claims related to the data breach.

Nature of the Claims Against Defendants

Google+ (or Google Plus) is a social network owned and operated by Google for consumers with Google accounts. Like other social media platforms such as Facebook or Twitter, Google+ facilitates the sharing of information, photographs, weblinks, conversations, and other content between users.

As part of the sign-up process and as a consequence of interacting with their social network, Google+ users create, maintain, and update profiles containing significant amount of personal information, including their names, birthdates, hometowns, addresses, locations, interests, relationships, email addresses, photos, and videos, amongst other items.

Google maintains a privacy policy that makes specific representations to its users regarding its affirmative duty to protect usersā€™ personal information, specifically providing that users are in control of who has access to their personal information. When a user adds a contact to his or her Google+ account, the user assigns that person to one or more ā€œcirclesā€ in order to categorize or organize the contact. Google+ users determine privacy settings for content, allowing content to be shared with the public or with only those in designated circles.

While usersā€™ personal information on Google+ was supposed to be protected and shared only within these expressed permissions and limitations, Google allowed third-party application developers to improperly collect the personal information of up to 500,000 Google+ users.

In practice, the Google+ Data Breach occurred as follows:

  1. Google+ User 1 (ā€œUser 1ā€) is friends with Google+ User 2 (ā€œUser 2ā€);
  2. User 1 shares personal information with her friends, including User 2;
  3. User 2 decides to connect to a third-party application through Google+;
  4. User 2 is prompted to give that application access to his own personal data, and he consents to providing it;
  5. Because of the Google+ Data Breach, the third-party application was also improperly granted access to all the detailsā€”including ones not marked publicā€”that User 1 had only given consent to be shared with User 2.

Despite Googleā€™s awareness of the breach as early as March 2018, instead of choosing to be transparent about the Google+ Data Breach, Google explicitly chose to conceal it from the public until after the public outcry following Facebookā€™s widely publicized Cambridge Analytica scandal had exhausted ā€“ hoping to avoid both public and Congressional scrutiny.

The complaint alleges that the Google+ Data Breach, and Googleā€™s conduct following the breach, violated unfair competition laws and the Colorado Security Breach Notification Act. Additionally, the complaint alleges negligence, invasion of privacy, deceit by concealment, and a breach of Googleā€™s implied contract with its users.

On January 6, 2020, plaintiffs asked Judge Edward J. Davila to approve a proposed settlement in which Google agreed to pay Google+ users $7.5 million to settle their class action claims related to the data breach.

Related Media

Google To Pay $7.5M To End Google+ Data Breach Suit

Google+ Will Shut Down After Security Hole Exposed User Data to Outside Develpers, Report Says

Google shutting down Google+ in the aftermath of a privacy glitch

Google faces mounting pressure from Congress over Google+ privacy flaw

GET A FREE CONSULTATION

  • This field is for validation purposes and should be left unchanged.

Speak to a Class Action Lawyer Today!

We Fight to Win Your Case or It Is FREE!

Call: 800-716-9032 (24/7)

YOUR RIGHTS TO COMPENSATION

  • Payment of Medical Bills
  • Payment for Wage Loss Due to the Injury
  • Compensation for Permanent Impairment
  • Scarring and Disfigurement from the Injury

We Can Help You With:

  • Free telephone, home or hospital consultation
  • Offices Throughout Colorado
  • No Recovery, No Fee
  • Extremely High Success Rate
Latest News