Rhode Island sues Google over the two Google+ data breaches

Rhode Island general treasurer Seth Magaziner announced that the Employees’ Retirement System of Rhode Island filed a motion to lead a shareholder class action lawsuit against Google parent company Alphabet, Inc.

The motion is pending in the U.S. District Court for the Northern District of California. The lawsuit accuses Google of misleading shareholders and federal regulators when it didn’t disclose the two Google+ data breaches while they were ongoing.

“Google had an obligation to tell its users and investors that private information wasn’t being protected,” said Magaziner.

“Instead, Google executives decided to hide the breaches from its users and continued to mislead investors and federal regulators. This is an unconscionable violation of public trust by Google, and we are seeking financial restitution on behalf of the Rhode Island pension fund and other investors.”

Google discovered the first Google+ data breach in March and waited until November to disclose it. Making matters worse, the vulnerability was reportedly live between 2015 and March 2018.

Google failed to disclose the breach almost immediately over “fears that doing so would draw regulatory scrutiny and cause reputational damage.” The vulnerability potentially gave third-party developers access to hundreds of thousands of users’ private data.

Google disclosed the second Google+ data breach only six days after the company discovered the vulnerability. Approximately 52.5 million users had their public and private profile information potentially exposed to developers.

The first data breach led Google to announce it will shut down Google+ for consumers in August 2019. The second data breach expedited that deadline to April 2019.

Android Authority reached out to Google for comment on the pending motion and will update this article if we hear back.

Next: Thanks to a second data leak, Google+ will shut down sooner than anticipated