Advertisement

Zoom hit with class-action lawsuit for sharing user data with Facebook

With its popularity surging during a health crisis, the video conferencing service hasn't done enough to protect privacy, the suit alleges.
zoom lawsuit
The complaint accuses Zoom of violating the California Consumer Privacy Act, which requires companies to give consumers notice when they collect and use their personal information. (Image courtesy of Zoom)

A California man on Monday filed a class-action lawsuit against Zoom, alleging the video conferencing service illegally shared user data with Facebook.

With its popularity surging during the novel coronavirus pandemic, Zoom “has failed to properly safeguard the personal information of the increasingly millions of users” that use the app, the lawsuit alleges.

The complaint accuses Zoom of violating the California Consumer Privacy Act, which requires companies to give consumers notice when they collect and use their personal information.

The lawsuit cites a report last week from Vice News, which found that Zoom’s iOS app had been using a Facebook login feature to send the social media giant details on Zoom users. Those details included the model of a user’s device, their phone carrier, and what time zone they were in, the report said.

Advertisement

Asked for comment on the lawsuit, a Zoom spokesperson referred CyberScoop to the company’s blog post last week saying it had removed the data-sharing feature in a new version of the iOS app. The app never collected users’ names or other information on Zoom meetings, the company said. But the plaintiff argues that users will continue to be harmed because old versions of the app are still in use.

Zoom’s “wholly inadequate program design and security measures…will continue to result in unauthorized disclosure of its users’ personal information to third parties,” the complaint reads.

Bloomberg News was first to report on the lawsuit.

Zoom’s market value has jumped during the COVID-19 pandemic as an increasing number of people use the software as they telework. Malicious hackers have tried to capitalize.

Since the beginning of the year, 1,700 new domains referencing Zoom have been registered, with a quarter of them appearing in the last week, according to cybersecurity company Check Point. Just 4 percent of those domains contained “suspicious characteristics,” Check Point said, but it’s still an opportunity for malicious cyber activity.

Advertisement

New York Attorney General Letitia James is also scrutinizing Zoom’s security and privacy policies. James’s office on Monday sent a letter to Zoom asking the company what security measures it has in place to combat hackers interested in exploiting the app, the New York Times reported.

You can read the full complaint Zoom below.

 

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts