Hi-Jacked LinkedIn Account Doesn't Cause "Loss" Under the CFAA

A plaintiff's claim under the Computer Fraud and Abuse Act, 18 U.S.C. §§ 1030(a)(2)(C) and 1030(a)(5)(C), based on her ex-employer's alleged hi-jacking of her LinkedIn account, has failed to survive the defendant's motion for summary judgment because the plaintiff failed to show a “loss” under the CFAA.  Eagle v. Morgan, No. 11-4303 (E.D. Pa. Oct. 4, 2012).

The plaintiff had maintained a LinkedIn account identifying her as the defendant's president while she was so employed.  After the defendant fired her, it changed the password on the plaintiff's LinkedIn account so as to deny her access.  The defendant also edited the LinkedIn account to identify it with the defendant's new president.

As discussed elsewhere on this blog, different courts have taken different approaches to defining “loss” under the CFA.  According to this court, a legally cognizable “loss” under the CFAA requires “impairment or damage to a computer or computer system,” or at least “lost revenue resulting from an interruption of service or the inoperability of computers.”  Mere allegations of harm to an ongoing business are insufficient.

Here, the plaintiff had adduced at most evidence that she had “missed out” on professional opportunities because of her inability to access the LinkedIn account. Thus, her allegations of loss were “pure conjecture.”

The court also granted summary judgment for the defendant on the plaintiff's Lanham Act claim. There could be no likelihood of confusion where the defendant had changed the identity of the LinkedIn account to someone other than the plaintiff.

The court did reject the defendant's argument that it should refuse to exercise supplemental jurisdiction over remaining state law claims.  Whether to do so was in its discretion. The case had been litigated over a year, and trial was two weeks away. Weighing factors of judicial economy, convenience, and comity, the court found that these factors weighed in favor of retaining jurisdiction.