Rhode Island sues Google after latest Google+ API leak
A day after Google announced a Google+ API leak that could have exposed the personal information of over 52.5 million users, a Rhode Island government entity filed a class-action lawsuit in a California court.
The lawsuit was announced yesterday on the website of the Rhode Island government. The government entity which filed it is the Employees Retirement System of Rhode Island (ERSRI), a government-owned investment fund that provides retirement, disability, survivor, and death benefits to state and municipal employees, and public school teachers.
ERSRI officials accuse Google of intentionally misleading shareholders and federal regulators by failing to disclose its Google+ data leaks in due time.
Altought filed this week, after the second Google+ API leak, the lawsuit cites both Google+ API incidents.
Google announced the first at the start of October when the company revealed that a Google+ API bug could have been used to collect the data of over 500,000 users.
The second incident was announced on Monday, when Google said that a Google+ API update introduced a second data leak that the company patched within a week. Google said this second leak wasn’t abused to harvest user data, but if someone did, they could have collected data on over 52.5 million users.
Now, the ERSRI is claiming that Google’s recent string of leaks and supposedly late disclosure dates have harmed the company’s stock value, incurring loses to investors, such as itself.
“Google had an obligation to tell its users and investors that private information wasn’t being protected,” said Rhode Island General Treasurer Seth Magaziner. “Instead, Google executives decided to hide the breaches from its users and continued to mislead investors and federal regulators.”
“This is an unconscionable violation of public trust by Google, and we are seeking financial restitution on behalf of the Rhode Island pension fund and other investors,” Magaziner said.
Google did not immediately respond to ZDNet’s request for comment.
This is the second class-action suit to name Google because of its Google+ API leaks. The first came in October, a day after the Mountain View company announced its first Google+ API leak. Facebook and Marriott were also sued shortly after announcing data breaches, even faster than Google, within hours.
Following the first Google+ API bug, Google announced it would be shutting down Google+ in August 2019, a date it moved forward to April 2019 after the second API leak.
A copy of the class-action lawsuit complaint is available here.