Zoombombing Settlement Reached After Hackers Blast Offensive Messaging Over Platform

After hackers used Zoom for nefarious deeds during shutdowns, the company is on the hook for its lack of security.
October 24, 2021

As the pandemic forced companies to turn to videoconferencing as a means of communications, Zoom Video Communications grew in popularity and use throughout the U.S. and globally.

So too did interest from hackers.

Soon, scheduled meetings between colleagues, gatherings among friends, and even Zoom classrooms were being met with interruptions from conferencing hackers — dubbed ‘Zoombombing’ — in which internet trolls would exploit the screensharing feature on the platform and show offensive messages and images.

One example was an anti-Semitism webinar that was disturbingly interrupted by images of white supremacist messaging.

As early as March 2020, just as COVID-19 reached the shores of the U.S., the first of 14 class action suits was filed against the company for its inability to contain the hackings. In May 2021, the many complaints were consolidated into a single class action suit.

Further, the suit claims Zoom had shared personal data of its customers with third-party internet services without explicitly telling users. This, the suit alleged, brought about the subsequent hacking.
The third-party services included Facebook, Google and LinkedIn.

The real crux of the privacy argument, the suit alleged, was that Zoom falsely told users its services provided end-to-end encryption, a security measure that aims to prevent outsiders from joining, participating or listening in on online communications.

In August 2021, Zoom finally reached a settlement for the class action. It agreed to pay $85 million and promised to improve its security practices moving forward. By settling, Zoom denied all wrongdoing.

Zoom subscribers, under the settlement, would be eligible to receive a 15% refund on their primary subscriptions or $25 — whichever is greater. Further, the videoconferencing company agreed to notify its users when third-party services were in use during meetings.

Scorecard: Upon approval of a federal judge, Zoom will be on the hook for $85 million for falsely leading users to believe it had end-to-end encryption as well as for enabling Zoombombing hacks.

Takeaway: This is both a lesson in cyber due diligence and reputational risk. When it comes to providing services, businesses are keen on protecting the private data of their consumers while also implementing best practices and following through on promises, lest they be caught in a legal battle over misgivings.

Autumn Demberger is a freelance writer.
