Zoom Agrees to Settle Lawsuit Over ‘Zoombombing’
Zoom Video Communications, the videoconferencing company whose internet app became a mainstay of American life during the coronavirus pandemic, has agreed to pay $85 million and improve its security practices to settle a lawsuit claiming it violated the privacy of its users.
Filed in March 2020, not long after the pandemic reached the United States, the suit claimed that Zoom shared personal data with third-party internet services and allowed hackers to interrupt online meetings through so-called “Zoombombing,” a phenomenon in which internet trolls exploit a screen-sharing feature on the videoconferencing app to show offensive messages or images.
Under the settlement, which still requires the approval of a federal judge, Zoom subscribers would be eligible to receive a 15 percent refund on their primary subscriptions or $25 — whichever is greater. Other users could receive a refund of up to $15.
The company also agreed to notify users when others use third-party apps during meetings and to provide training on privacy and data handling to its employees.
“The privacy and security of our users are top priorities for Zoom, and we take seriously the trust our users place in us,” the company said in a statement. “We are proud of the advancements we have made to our platform, and look forward to continuing to innovate with privacy and security at the forefront.”
In agreeing to settle the case, the company denied any wrongdoing.
In the spring of 2020, 14 class-action complaints were filed against the company over Zoombombing, a widely discussed phenomenon in the early weeks of quarantine that often involved pornography and racist language. This included, for instance, posting white supremacist messages during a webinar on anti-Semitism.
In May, the U.S. District Court for the Northern District of California consolidated the many complaints into a single class-action suit.
The suit also claimed that Zoom shared users’ personal data with third-party services such as Facebook, Google and LinkedIn and that it falsely told users that its service provided end-to-end encryption, a security measure that aims to prevent outsiders from eavesdropping on online communications.