Rhode Island Sues Google Citing Google+ API Leaks
Just a day after Google announced a Google+ API leak, which could have impacted many users, a Rhode Island government entity has filed a lawsuit against the global internet giant.
We reported on December 11 that Google+ had been hit by a bug that could have led to the accounts of about 52.5 million users being compromised, and that following the incident Google announced plans to shut down consumer Google+ earlier than scheduled.
Now, immediately after Google’s announcement, a government entity from Rhode Island has filed a class-action lawsuit against Google in a California court. The plaintiff is the Employees Retirement System of Rhode Island (ERSRI), a government-owned investment fund that provides various retirement, disability, survivor and death benefits to state and municipal employees and public-school teachers.
ERSRI officials have accused Alphabet, Inc., Google’s parent company, of intentionally misleading shareholders and federal regulators by failing to disclose the data leaks in due time.
The complaint alleges that Google made “materially false and misleading statements in violation of the Exchange Act regarding Alphabet’s security failures affecting users’ personal data.” It specifically alleges that Google made false and/or misleading statements and/or failed to disclose that “…the Company’s security measures had failed recently and massively, as Google had exposed the private data of hundreds of thousands of users of Google+ to third parties”.
The lawsuit alleges that Google’s “…security protections did not shield personal user data against theft and security breaches”, and also that “…the Company’s security measures had been breached due to employee error, malfeasance, system errors or vulnerabilities”.
Though the lawsuit was filed this week, after the latest Google+ incident came to light, it cites both API incidents. The first was revealed in October, when Google announced the detection of a Google+ API bug that could have been used to collect, without authorization, the personal data of over 500,000 users. The second was announced this Monday, when Google disclosed a second API bug that could have impacted over 52.5 million users. Google patched the issue and stated that the bug wasn’t exploited by anyone to harvest user data.
ERSRI claims that the Google+ incidents and their late disclosure have harmed the company’s stock value and caused losses to investors, including ERSRI itself.
Google is yet to respond to or comment on the filing of the lawsuit. This is the second lawsuit filed against Google over the Google+ API leaks. The first was filed in October, a day after the API bug was announced.
Google, following the two API bug incidents, has decided to shut down commercial Google+ in April 2019 and not in August 2019 as announced earlier.
Kevin Jones
Kevin Jones, Ph.D., is a research associate and a cyber security author with experience in penetration testing, vulnerability assessments, monitoring solutions, surveillance and offensive technologies. Currently, he is a freelance writer on the latest security news and other happenings. He has authored numerous articles and exploits, which can be found on popular sites like hackercombat.com and others.