A Zoom-bombing of an online Bible study session has sparked a San Francisco church to file a class-action lawsuit against Zoom on claims the video conferencing company is failing to protect users.
On Wednesday, Saint Paulus Lutheran Church filed the class-action lawsuit after a hijacker infiltrated a church Bible study session last week to show child porn to attendees, many of whom were senior citizens.
The church had been hosting the Bible study session on Zoom in the wake of COVID-19. And according to the lawsuit, the session held last week on May 6 was password-protected. However, an intruder named “Christine (iPad)” still managed to break into the meeting.
“Immediately following the break-in, pornographic video footages began to run on all participants’ computers in a full-screen mode and with loud audio,” the lawsuit says. “Some footages involved physical abuse of children, in addition to sexual acts.”
The video host and participants tried to stop the screen-sharing and boot the intruder out. But according to the lawsuit, none of the security functions advertised by Zoom worked. Eventually, the video host and participants “logged off the meeting and logged back on, hoping to be rid of the intruder.” But the lawsuit says the hijacker returned only to show more child porn, leaving the Bible study attendees “traumatized and deeply disturbed.”
The church’s administrator then reported the incident to Zoom. In response, the company said it had identified and blocked the intruder from joining Zoom meetings in the future. “But Zoom refused to take any further action to remedy the situation or to improve the security of its video conferences,” the lawsuit claims. “Shockingly, Zoom admitted that the intruder was a ‘known serial offender who disrupts open meetings by showing the same video,’ and had been reported multiple times to authorities.
“It is baffling, to say the least, how Zoom failed to protect Saint Paulus’s Bible-study class from a ‘serial offender’ who has been ‘reported multiple times to the authorities,’” the lawsuit adds.
Zoom declined to comment on the legal action. But to this day, users continue to report suffering Zoom-bombing attacks over the video conferencing service.
A month ago, the company began trying to bolster the product’s security and privacy functions, which has introduced new safeguards, including requiring passwords for previously scheduled meetings, and turning on the “waiting room” feature for all users. Nevertheless, the security functions may not be easy for every user to understand. (For tips on preventing Zoom-bombing attacks, consult our guide.)
Saint Paulus Lutheran Church, on the other hand, claims Zoom could do more to protect users, but refuses to do so.
“Zoom prioritizes profit and revenue over data protection and user security while millions of users in the United States registered with Zoom based on its false advertisements and rely on Zoom’s platform to conduct their business during this pandemic,” the lawsuit adds.
The church claims Zoom has been deceiving consumers by making promises on security and privacy that were never fulfilled. Much of the lawsuit refers to media reports on how Zoom came up short on providing end-to-end encryption as previously advertised, and shared device data with Facebook without making the policy explicit or asking for consent.
The lawsuit is seeking damages and demanding the court ban Zoom from engaging in “negligent, unfair, unlawful and fraudulent” business practices.
