As a result of the Covid-19 pandemic, there was an increase in “zoom-bombing,” in which hackers and pranksters crashed into virtual meetings with abusive messages and imagery. Zoom has now agreed to a “historic” $85 million payout as part of a class-action settlement brought by its users, including church groups who claimed the disruptions traumatized them.
Zoom Video Communications, the company behind the teleconference app that became popular during the pandemic, will pay the $85 million in cash compensation to users as part of the settlement agreement, and will also reform its business practices.
On Thursday, California federal judge Laurel Beeler granted final approval to the agreement, which was first filed in July. In October, the agreement received preliminary approval.
The settlement is the result of 14 class-action lawsuits filed by users against the San Jose-based company between March and May of 2020, alleging that the company violated their privacy and security.
Two years ago, the Saint Paulus Lutheran Church in San Francisco hosted a bible study class with the majority of the participants being senior citizens. According to a federal lawsuit filed in May 2020, “Zoom allowed a ‘known offender’… to ‘Zoombomb’ the class shortly into the session.”
Participants “had their computer screens hijacked and their control buttons disabled while being forced to watch pornographic video footages,” including images of child sex abuse and physical abuse, according to the lawsuit.
The host was unable to remove the hijacker from the meeting room and asked the participants to leave and return, only for the hijacker to bombard the meeting with graphic content once more. According to the lawsuit, the incident left the host and the participants “traumatized and helpless.”
In a separate incident in April 2020, participants who joined the virtual Sunday services at Oakland’s Oak Life Church via Zoom were bombarded with images of child sex abuse.
“The participants from that meeting, many of whom were trauma survivors to begin with, were traumatized and devastated,” according to court documents reviewed by the Los Angeles Times.
According to the documents, “Oak Life Church was required to hire trauma counselors and establish support groups to assist its congregation in dealing with the resulting trauma.”
In addition to failing to prevent “Zoombombings,” the plaintiffs in the case have accused Zoom of illegally sharing data with authorized third parties like Facebook, Google, and LinkedIn, as well as misrepresenting the strength of its end-to-end encryption protocols.
In a statement, Mark Molumphy, one of the attorneys representing Zoom in the case, called the settlement “historic,” adding that it would “implement privacy practices that, going forward, will help ensure that users are safe and protected.”
According to Molumphy, paying users who submit claims will be eligible for 30% of the subscription payment they made during the class period, while others will receive approximately $29. There are approximately 150 million settlement class members, which include both paying and non-paying users, and compensation amounts may vary depending on the number of claims submitted.
“In the age of corporate surveillance, this historic settlement recognizes that data is the new oil and compensates consumers for unwittingly providing data in exchange for a ‘free’ service,” said plaintiff’s attorney Tina Wolfson in a statement on Friday.
“It also compensates those who paid for a product that was never delivered and commits Zoom to changing its corporate behavior to better inform consumers about their privacy options and provide stronger cybersecurity,” she added.
According to court documents, Zoom agreed to over a dozen changes to its business practices as part of the settlement, with the goal of “improving meeting security, bolstering privacy disclosures, and safeguarding consumer data.”
As part of the changes, the company must create and maintain a user-support ticket system to track reports of meeting disruptions, as well as a documented process for communicating with law enforcement about disruptions that include illegal content, a suspend-meeting button, and the ability to block users from specific countries.