Eighteen months ago, zooming became a verb. Not long after that, zooming became part of the English language, and now Zoom is paying the price. Zoom, a video conferencing platform that became part of everyday life with the outbreak of the pandemic, has settled a $ 85 million class data protection lawsuit stemming from the zoom-bombing attacks, reports The New York Times.
In addition to the high price tag, Zoom has agreed to improve its security protocols to protect the privacy of the platform’s users. This includes providing their employees with privacy and data handling training, notifying users when meeting attendees use third-party apps during meetings, improving privacy disclosure, and protecting their users’ personal information more closely.
14 actions summarized in 1
The data protection class action lawsuit, which combined 14 class action lawsuits, was filed in the U.S. District for the Northern District of California in March 2020. The lawsuit alleged that the privacy of Zoom users was compromised due to lax security practices and personal information was disclosed. Hackers were able to use the screen sharing feature to interrupt online meetings in order to share inappropriate and offensive messages and pictures.
The lawsuit also stated that Zoom shared user personal data with third-party services like Facebook, Google, and LinkedIn, and told users that their data was secure because of Zoom’s end-to-end encryption.
After the settlement is approved by U.S. District Judge Lucy Koh of San Jose, California, Zoom subscribers are eligible for a 15% refund on their main subscriptions or $ 25, whichever is greater. Other users may be eligible for a refund of up to $ 15. CNN reports that paying subscribers who were part of the class action lawsuit paid approximately $ 1.3 billion in Zoom subscription fees.
You might be interested in:
Although the company denied doing anything wrong, they issued a statement explaining their concerns for the privacy and safety of Zoom users.
“The privacy and security of our users is a top priority for Zoom, and we take our users’ trust in us seriously. We are proud of the progress we have made on our platform and look forward to continuing to innovate with privacy and security at the forefront, ”said Zoom.
In March 2021, Zoom filed a motion to dismiss the data protection class action. Although part of Judge Koh’s lawsuit was dismissed (allegations of invasion of privacy and negligence), other lawsuits, including those related to contracts, remained.
Image: Bigstock Photos
New security and data protection measures
Since the filing of the lawsuit, Zoom has taken a number of security measures to improve Zoom, starting with a 90-day security plan in Spring 2020 that sets out key milestones and measures to increase user protection and privacy. Changes included “robust security improvements” in the version of Zoom 5.0, AES 256-bit GCM encryption, and a number of upgrades to user experience and controls.
“I’m proud to have reached this step in our 90-day plan, but that’s just the beginning. We built our business by bringing joy to our customers. We will win the trust of our customers and bring them joy with our unwavering focus on providing the most secure platform, ”said Eric S. Yuan, CEO of Zoom, in a press release on April 22, 2020.
In June 2020, Zoom hired Jason Lee as chief information security officer. As a former Senior Vice President of Security Operations at Salesforce, Lee is charged with putting user security and privacy first.
“The safety of our customers is extremely important and is the focus of everything we do. We are pleased to welcome Jason, who has extensive industry experience, understands the complexities of serving a wide variety of users, and can lead Zoom’s efforts to strengthen the security of our platform during this time of rapid expansion, “said Aparna Bawa, Zoom chief executive officer Operations officer.
In October 2020, Zoom announced its new end-to-end encryption (E2EE) and its availability to free and paid users for meetings of up to 200 participants.
“We are very proud to bring Zoom’s new end-to-end encryption to Zoom users worldwide today,” said Zoom CISO Jason Lee. “This function has been very popular with our customers and we are looking forward to making this a reality. Kudos to our encryption team, who joined us in May from Keybase and developed this impressive security feature within just six months. “
Insider tips
When the need for video conferencing skyrocketed at the beginning of the pandemic, no one could predict how urgently such services would be needed or what growth would be possible over the next 18 months. Unfortunately, it has also created security vulnerabilities for hackers who have the time and plans of their own. Zoom will pay a heavy price for settling its data protection class action lawsuit – roughly 10% of total revenue for Q4 2020 – but they learned some important lessons in the process. Ultimately, your products and services and your customers will benefit from it.
Comments are closed.