As part of a class action lawsuit, executives of video conferencing platform Zoom agreed to pay compensation after an investigation concluded the platform maintained very poor security and data protection practices.
The settlement was filed Saturday as an attempt by the U.S.-based company to end the class action lawsuit, in which plaintiffs argue that Zoom facilitated criminal activities, including misrepresenting its end-to-end encryption and transferring its users’ data to Facebook without prior consent.
The lawsuit claims that these practices were the cornerstone of the Zoombombing hacking campaign, which involved hijacking thousands of Zoom sessions, affecting tens of thousands of users. The lawsuit proposes the creation of an $85 million USD cash fund, to be used to pay claims and cover the fees of the plaintiffs’ legal team. Zoom reported earnings of $1.3 billion USD during 2020 in the U.S. alone, so this amount equals 6% of its annual earnings.
For the settlement to be recognized, it will still need to be approved by U.S. District Judge Lucy Koh, in charge of the case. Judge Koh has experience in cases like this, as she also handled similar lawsuits against Apple and Samsung. The next hearing in this case will take place in October 2021.
In addition to the creation of the compensation fund, Zoom committed to improving its data security and user privacy practices. Among the improvements planned by the platform is the implementation of notifications about logged-in users in an ongoing session, privacy alerts, and logging of any meetings involving illegal content. On the other hand, Facebook will have to delete any data that Zoom has shared with the social network.
In this regard, the company issued a statement this weekend: “The privacy and security of our users are Zoom’s top priorities, and we take seriously the trust our users place in us.” However, the company has not responded to the multiple requests for information.