Block on Trump's Asylum Ban Upheld by Supreme Court
Employees whose LinkedIn accounts are hacked by previous employers have no recourse under the Computer Fraud and Abuse Act (CFAA), according to a ruling last week.
Linda Eagle shared her password with a coworker at Edcomm so she could get help managing her LinkedIn account. When Eagle was fired the coworker changed the account's password and the company put a new name and photo on the account.
The judge's opinion isn't that taking over someone else's LinkedIn account isn't ever hacking. But in this case, Eagle doesn't have a real claim against her ex-employer.
To bring a lawsuit under the CFAA, or almost any personal injury law, the plaintiff has to show some kind of real injury from the alleged action. Without measureable harm there's no legal claim.
Eagle claimed that the account takeover damaged her reputation and prevented her from responding to business offers in a timely manner.
She claims that cost her money. The judge disagreed.
In the federal court ruling, the judge noted that Eagle hadn't lost anything real. The claim that she lost prospective business is too speculative.
When it comes to filing a personal injury, there must be measurable damages. Potential harm generally doesn't meet the standards. If you're considering a personal injury suit, talk to an attorney to make sure you have a claim that's likely to succeed.
The judge also ruled that the CFAA is for other kinds of claims. If hacking makes a computer inoperable or requires the owner to buy a new system, there may be a claim.
For loss of potential revenue because of a changed password, there isn't much the court can do.
Eagle's lawsuit can still go forward because she has other claims against her previous employer although the CFAA claim was a large part of her suit, according to Ars Technica. The real lesson here seems to be: keep your passwords to yourself.