A day after Google announced a Google+ API leak that could have exposed the personal information of over 52.5 million users, a Rhode Island government entity filed a class-action lawsuit in a California court.
The lawsuit was announced yesterday on the website of the Rhode Island government. The government entity which filed it is the Employees Retirement System of Rhode Island (ERSRI), a government-owned investment fund that provides retirement, disability, survivor, and death benefits to state and municipal employees, and public school teachers.
ERSRI officials accuse Google of intentionally misleading shareholders and federal regulators by failing to disclose its Google+ data leaks in due time.
Altought filed this week, after the second Google+ API leak, the lawsuit cites both Google+ API incidents.
Google announced the first at the start of October when the company revealed that a Google+ API bug could have been used to collect the data of over 500,000 users.
The second incident was announced on Monday, when Google said that a Google+ API update introduced a second data leak that the company patched within a week. Google said this second leak wasn't abused to harvest user data, but if someone did, they could have collected data on over 52.5 million users.
Now, the ERSRI is claiming that Google's recent string of leaks and supposedly late disclosure dates have harmed the company's stock value, incurring loses to investors, such as itself.
"Google had an obligation to tell its users and investors that private information wasn't being protected," said Rhode Island General Treasurer Seth Magaziner. "Instead, Google executives decided to hide the breaches from its users and continued to mislead investors and federal regulators."
"This is an unconscionable violation of public trust by Google, and we are seeking financial restitution on behalf of the Rhode Island pension fund and other investors," Magaziner said.
- Google+ and life after social media death (CNET)
- How to use Google Fi on non-Google phones (TechRepublic)
Google did not immediately respond to ZDNet's request for comment.
This is the second class-action suit to name Google because of its Google+ API leaks. The first came in October, a day after the Mountain View company announced its first Google+ API leak. Facebook and Marriott were also sued shortly after announcing data breaches, even faster than Google, within hours.
Following the first Google+ API bug, Google announced it would be shutting down Google+ in August 2019, a date it moved forward to April 2019 after the second API leak.
A copy of the class-action lawsuit complaint is available here.
- Twelve US states join for the first time to file multistate data breach lawsuit
- BeatStars discloses security breach in Twitter live stream
- Quora discloses mega breach impacting 100 million users
- Marriott reveals data breach affecting 500 million hotel guests
- Dunkin' Donuts accounts may have been hacked in credential stuffing attack
- Dell announces security breach
- Cathay Pacific breach leaks personal data on 9.4 million people CNET
- Why 31% of data breaches lead to employees getting fired TechRepublic