Zoom to pay $85 million to settle “Zoombombing” lawsuit

Zoom Video Communications has agreed to pay $85 million to settle a lawsuit over customer privacy and security breaches linked to thousands of “Zoombombing” incidents nationwide.

The class-action suit, filed last year in California, also accused Zoom of sharing users’ data with Facebook, Google and LinkedIn without users’ permission. The complaint blamed the technology company for incidents on its platform, claiming that lax security failed to stop the attacks. 

Zoombombing happens when a hacker or an uninvited guest crashes a videoconference and posts pornographic or hate images or otherwise to disrupt the meeting. Most of the incidents mentioned in the suit took place last year as the nation switched from in-person work rituals to video meetings. Zoom executives acknowledged the issue last year and said they have since changed their security practices. 

Lawyers representing Zoom users filed a proposed settlement on Saturday that would offer a 15% refund on their paid Zoom account, or $25, whichever would be greater. Customers without a paid account would be eligible for a $15 payment, according to court documents. 

“All class members are eligible for payment, regardless of whether or not they paid for a Zoom account,” lawyers wrote in the settlement. 

Two Massachusetts schools were victims of Zoombombing last year. And the National Association of Real Estate Brokers held a 200-person Zoom conference in 2020 that also had been breached. On the same day of the real estate conference breach, the Laguna Beach City Council in California also had its meeting Zoombombed with pornography. 

Thousands fall victim to “Zoom-bombing” 09:03

Zoom customers would be eligible for a refund if they opened their account with the company between March 30, 2016, and July 30, 2021, the settlement states. The settlement excludes government workers, judges and their staff as well as individuals who were using an account created on their behalf by their employer.

Data privacy protection

U.S. district judge Lucy Koh must approve the settlement before refunds can be claimed. Lawyers said the $85 million is about 6% of the total revenue Zoom generated while sharing users’ data. Aside from a refund and $85 million, the settlement detailed ways Zoom has made changes to its platform to help reinforce data privacy. For example, an on-screen notification will pop up for users when the host or someone else in the room is using a third-party application during a meeting.

Zoom has denied it committed any law violations and questioned whether users actually suffered injury or damages. In a statement Monday, Zoom didn’t address the settlement and instead touted security updates, saying it is “proud of the advancements we have made to our platform.”

“The privacy and security of our users are top priorities for Zoom, and we take seriously the trust our users place in us,” the company said.