A San Francisco Lutheran church alleges Zoom’s much-publicized failures when it comes to user privacy allowed a “known offender” to twice “Zoombomb” a May 6 bible-study class and force participants to watch disturbing pornographic footage while their screens were hijacked.
The plaintiffs, Saint Paulus Lutheran Church and a bible-study administrator, allege in the 39-page lawsuit that participants in the password-protected class were ambushed by footage “portraying adults engaging in sexual acts with each other and performing sexual acts on infants and children,” among other abuses, as a result of Zoom’s utter failure to safeguard user privacy.
“Traumatized and helpless, [the plaintiff] and Saint Paulus’s congregants ended their bible-study class,” the complaint says. “Immediately [the plaintiff] … reached out to Zoom and demanded action to rectify the situation and to improve security for future video conferences. But Zoom did nothing.”
Saint Paulus was forced to move its weekly bible-study classes online after a state of emergency was declared in California on March 4, the case explains. Zoom “stood out as a prime candidate for conducting online classes” given the company’s ostensibly secure and user-friendly platform, the suit says.
On May 6, however, a class of nine bible-study participants was commandeered by an intruder identified only as “Christine (iPad)” who hacked into the plaintiffs’ meeting room, the suit says. According to the lawsuit, the intruder began to run pornographic video footage on participants’ computers in full-screen mode and with loud audio, with those in the class unable to minimize or close their screens. They were also unable to eject the intruder using Zoom’s functions, the case adds.
Even after logging out of the meeting and logging back in, the participants were unable to get rid of the intruder, the lawsuit says, and the individual again ran full-screen graphic footage showing sexual and “other deviant acts.” Per the complaint, the plaintiff and other participants “were traumatized and deeply disturbed” by the incident.
After immediately contacting Zoom online and by phone to report the incident and demand action, the plaintiff was told via email that the company had identified and blocked the intruder from joining any future meetings using the same Zoom software, the suit says. Zoom, however, “refused to take any further action to remedy the situation or to improve the security of its video conferences,” the complaint claims, adding that the defendant admitted the hacker was “a known serial offender who disrupts open meetings by showing the same video” and was reported multiple times to authorities.
Zoom’s failure to prevent rampant Zoombombing, i.e. the commandeering of Zoom users’ screens without consent, evidences the embattled company’s commitment to profit and revenue over the safety of its users, the case alleges. Per the suit, millions across the country have registered with Zoom, whose popularity has exploded while many remain at home during the pandemic, based on the false assurance that the company prioritizes the protection of their personal information.
According to the case, the individual plaintiff was unaware when she registered for a paid Zoom account in March 2020 that the defendant would share the church’s private information with third parties, including Facebook. The plaintiffs say they were similarly unaware that granting Zoom access to the church’s information would allow the company to create a unique identifier profile for advertising purposes. As the plaintiffs tell it, the bible-study administrator signed on with Zoom with the belief that the company does not sell user data, takes seriously the protection of user privacy and has end-to-end encryption securing its video conferences.
The lawsuit looks to represent everyone in the United States who’s used Zoom during the applicable limitations period.
ClassAction.org’s coverage of COVID-19 litigation can be found here and over on our Newswire.