The Covid-19 pandemic brought on a surge of “zoom-bombing” as hackers and pranksters crashed into virtual meetings with abusive messages and imagery. Now, Zoom has agreed to a “historic” payout of $85m as part of a class-action settlement brought by its users, including church groups who said they were left traumatized by the disruptions.
As part of the settlement agreement, Zoom Video Communications, the company behind the teleconference application that grew popular during the pandemic, will pay the $85m to users in cash compensation and also implement reforms to its business practices.
On Thursday, federal judge Laurel Beeler of California granted final approval to the agreement which was first filed in July. The agreement was granted preliminary approval in October.
The settlement stems from 14 class-action complaints filed against the San Jose-based company by users between March and May of 2020, in which they argued that the company violated their privacy and security.
In one incident two years ago, the Saint Paulus Lutheran Church in San Francisco was hosting a bible study class in which most of the participants were senior citizens. However, shortly into the session, “Zoom allowed a ‘known offender’… to ‘Zoombomb’ the class,” according to a federal lawsuit that was filed in May 2020.
According to the lawsuit, participants “had their computer screens hijacked and their control buttons disabled while being forced to watch pornographic video footages”, including images of child sex abuse and physical abuse.
The host was unable to remove the hijacker from the meeting room and asked the participants to leave and rejoin the meeting, only for the hijacker to bombard the meeting again with graphic content. The incident left the host and the participants “traumatized and helpless”, said the lawsuit.
In another incident that occurred in April 2020, participants who joined the virtual Sunday services at Oakland’s Oak Life Church via Zoom were bombarded with child sex abuse images.
According to short documents reviewed by the Los Angeles Times, “The participants from that meeting, many of whom were trauma survivors to begin with, were left traumatized and devastated.
“Oak Life Church was required to hire trauma counselors and establish support groups to assist its congregation in dealing with the resulting trauma,” the documents added.
In addition to failing to prevent “Zoombombings”, the case’s plaintiffs have accused Zoom of unlawfully sharing data with authorized third parties such as Facebook, Google and LinkedIn and misrepresenting the strength of its end-to-end encryption protocols.
Mark Molumphy, one of the attorneys representing Zoom in the case, described the settlement as “groundbreaking” in a statement, adding that it would also “implement privacy practices that, going forward, will help ensure that users are safe and protected”.
According to Molumphy, paying users who submit claims will be eligible for 30% of the subscription payment they made during the class period and others will each receive about $29. There are around 150 million settlement class members, which include paying and non-paying users, and the compensation amounts may change, depending on how many claims are submitted.
“In the age of corporate surveillance, this historic settlement recognizes that data is the new oil and compensates consumers for unwittingly providing data in exchange for a ‘free’ service,” plaintiff’s attorney Tina Wolfson said in a statement on Friday.
“It also compensates those who paid for a product they did not receive and commits Zoom to changing its corporate behavior to better inform consumers about their privacy choices and provide stronger cybersecurity,” she added.
As part of the settlement, Zoom has agreed to over a dozen changes to its business practices that are designed to “improve meeting security, bolster privacy disclosures and safeguard consumer data”, according to court documents.
As part of those changes, the company is required to develop and maintain a user-support ticket system to track reports of meeting disruptions, a documented process for communicating with law enforcement regarding disruptions that include illegal content, a suspend-meeting button and the ability to block users from certain countries.