In January, TopClassActions reported that in California, U.S. District Judge Edward J. Davila approved Google's $7.5 million settlement with users to end data breach claims caused by two software bugs in its now-defunct Google Plus (Google ) social network service. According to the memorandum, the payout will apply to "All persons residing in the United States who: (1) had a consumer Google account for any period of time between January 1, 2015, and April 2, 2019; and (2) had their non-public Profile Information exposed as a result of the software bugs Google announced on October 8, 2018, and December 10, 2018.”
The settlement estimated that about 10 million people could potentially make up the class members affected by the compromise. The memorandum noted that “The Settlement provides quick relief for Settlement Class Members, including payments for potentially disseminating their non-public information to unauthorized third-party application developers." Class members are expected to receive $5-$12 each.
Two separate class-action lawsuits were filed against the company and ultimately consolidated into one. The first Google class-action lawsuit was filed in October 2018 by plaintiffs Matt Matic and Zak Harris. They allege that Google did not take precautions to safeguard against the breach, exposing customers' personal information including names, genders, and email addresses, and possibly their occupations and home addresses. Additionally, the tech giant waited seven months from the time it discovered the compromise to time it notified its users.
After the lawsuit was filed, Google shut down its Google social media platform in August 2019 after an internal audit revealed that a bug in Google had exposed 500,000 users’ data since 2015.
To make matters worse, in an attempt to fix the initial breach, Google leaked more information allowing access to user data from 52.5 million accounts to third-party application developers.
The plaintiffs claim that "Google violated California’s Unfair Competition Law and filed claims of negligence, invasion of privacy, breach of confidence, breach of contract and breach of the implied covenant of good faith and fair dealing."
While admitting a technical glitch existed, Google maintained that while user information was exposed, there was no evidence of misuse by any developer. Therefore, the tech company denies any liability in connection with the settlement.