A recent Law 360 story by Dorothy Atkins, “Google’s $7.8M Data Breach Deal OK’d. Attys Get $1.8M” reports that a California federal judge overruled 761 objections and approved Google's $7.5 million deal resolving a proposed class action over a years-long data breach that exposed millions of accounts on the now-defunct Google+ social media platform, with class counsel getting $1.875 million in fees and $69,000 in costs.
During a hearing held via Zoom, U.S. District Judge Edward Davila approved the fee request, which represents 25% of the total settlement fund, along with a $1,500 incentive award to each class representative, but he asked counsel to give a breakdown of their lodestar. Class counsel, John A. Yanchunis of Morgan & Morgan, said their lodestar estimate is roughly $995,000, making the requested fees subject to a 1.88 multiplier.
Before approving the deal, Judge Davila noted there have been a little less than 50,000 opt-outs and 761 objectors, with a total pool of about 1.8 million individuals who opted in who will receive an estimated $3 each. The judge overruled the objections to the settlement and notice provisions, saying "the potential for the breach was large. It was great. It was significant," but the settlement reached was an arm's-length resolution that was fair, reasonable and adequate. The judge didn't address any of the objections further. Two objectors appeared during the hearing, but submitted their objections on their papers.
The complaint alleges Google learned of the initial breach in March 2018, but made the "calculated decision" not to tell its users until months later. It also alleges that the number of those impacted is likely "much higher" than the 500,000 users Google cited in its announcement, pointing to the fact the API logs are only built to keep historical data for two weeks. The suit, which claims the users' data is highly valuable on the dark web, accused Google and Alphabet of unfair and unlawful business practices, negligence, invasion of privacy, and violating California's Customer Records Act.