Zoom agrees $85m settlement over Zoombombing and privacy lawsuit

Zoom may have been the darling of pandemic video calling, but a "Zoombombing" lawsuit has cost the company $85 million after users complained that their data wasn't being sufficiently safeguarded. While video conferencing saw a huge uptick as people worked remotely and schools shifted to online learning, so too did cases of Zoom calls being accessed unofficially and disrupted.

That could range from unauthorized participants logging in and forcing those who were meant to be on the call to create a new video chat, through to classrooms being gatecrashed and filled with slurs and obscene material. Zoom blamed public sharing of meeting invite codes as part of the issue, though problems persisted.

The end result was a lawsuit filed in March 2020, in the U.S. District Court in the Northern District of California. It accused Zoom of not only taking insufficient care around securing video calls, but of sharing users' personal data with third parties without thoroughly disclosing that fact.

For example, security researchers discovered that the Zoom app was secretly sharing data with Facebook about users. That included information on when they opened the Zoom app for iOS, what device they did so on, their carrier, and other details. Although Zoom later removed the offending code, it was also criticized for having privacy policies which allowed the company to collect things like shared notes and transcripts for potential use in targeted adverts.

Today, Zoom agreed to pay $85 million in order to settle the lawsuit. If it reaches class-action status, it could mean customers of Zoom could get a $25 payment, or a 15-percent refund of their subscription. Those who used the service between March 30 and the final date of the settlement will be eligible. Currently, the agreement is waiting on approval from the U.S. District Court Judge, Lucy Koh.

"The privacy and security of our users are top priorities for Zoom, and we take seriously the trust our users place in us," Zoom said in response to the settlement, though the company refused to admit any wrongdoing. "We are proud of the advancements we have made to our platform, and look forward to continuing to innovate with privacy and security at the forefront."

In addition to the payout, Zoom will make several changes around meeting security and customer data privacy. It will also improve how it communicates privacy to users

It's not Zoom's only mea-culpa during the pandemic. Zoom CEO Eric Yuan conceded that the company had been overwhelmed by pandemic demand back in April 2020, and said that Zoom would be putting new feature development on hold as it worked instead to lock down the platform. The company also boosted its bug bounty program, paying security researchers who identified flaws in its code.