Facial Recognition Data Breach – Clearview AI’s Client List Stolen

Date02 Mar 2020

Comment0

CategoriesConsumer Protection, Employment & Technology Archive

Entire Client List Reportedly Stolen – Clearview AI Disclosed Unauthorized Access to Its Customer List

Kehoe Law Firm, P.C. is making consumers aware that thedailybeast.com reported (“Facial-Recognition Company That Works With Law Enforcement Says Entire Client List Was Stolen“) that

[a] facial-recognition company that contracts with powerful law-enforcement agencies just reported that an intruder stole its entire client list, according to a notification the company sent to its customers.

In the notification, which The Daily Beast reviewed, the startup Clearview AI disclosed to its customers that an intruder ‘gained unauthorized access’ to its list of customers, to the number of user accounts those customers had set up, and to the number of searches its customers have conducted. The notification said the company’s servers were not breached and that there was ‘no compromise of Clearview’s systems or network.’ The company also said it fixed the vulnerability and that the intruder did not obtain any law-enforcement agencies’ search histories.

Nationalinterest.org reported (“Hackers! Facial Recognition Company With Massive Facebook Photo Trove Suffers Data Breach“) that “Clearview AI drew scrutiny after The New York Times reported in January that the company swiped 3 billion images from Facebook, YouTube and other social media platforms. The NYT also noted that law enforcement agencies used the company’s technology to identify sex abuse victims.”

Class Action Complaint Filed Against Clearview AI, Inc., Hoan Ton-That, Richard Schwartz, and Other Defendants, As of Yet Unknown

On February 27, 2020, a class action lawsuit was filed in United States District Court, Southern District of California, against Clearview AI, Hoan Ton-That, Richard Schwartz, and other defendants, as of yet unknown. The named defendants, allegedly, “unlawfully collected, captured, purchased, received through trade, obtained, sold, leased, traded, disclosed, redisclosed, disseminated, and/or otherwise profited from or used Plaintiffs’ and [t]he Class’s photographs and biometric information and identifiers in violation of [California’s Consumer Privacy Act of 2018, Illinois’s Biometric Information Privacy Act], and California’s law against Commercial Misappropriation.”

Despite the absence of notice or consent, Clearview AI, according to the complaint,

. . . illicitly ‘scraped’ hundreds, if not thousands or more, websites, such as Facebook, Twitter, and Google, for over three billion images of consumers’ faces.[] Clearview’s automated scraping of images violates the policies of websites like Facebook and Twitter, the latter of which specifically prohibits scraping to build facial recognition databases. Unlawfully, Defendants stored billions of scraped images of faces in Clearview’s database, used its facial recognition software to generate biometric information (aka a “Faceprint”) to match the face to identifiable information, and then sold access to the database to third-party entities and agencies for commercial gain.

The complaint also alleged that

[i]n clear violation of multiple privacy laws, Clearview sold for a profit access to billions of consumers’ Faceprints to law enforcement agencies and private companies across the country. Consumers did not receive notice of this violation of their privacy rights, and they certainly have not consented to it – in writing or otherwise. Clearview and its customers, including law enforcement and each of their employees, staff, and any number of other people, may be able to access billions of consumers’ identities, social connections, and other personal details based on the Faceprint created and sold by Clearview.

Further, the class action complaint alleges that “[o]nce Defendants generate the biometric information for millions of people, Clearview sells access to the database to law enforcement agencies and private companies”; “it has been shown that Clearview cannot adequately safeguard the biometric information and identifiers of Plaintiffs and the Class”; and “[recently,] it was publicly reported that there was a data breach of Clearview’s client list and other information.”

Have You Been Impacted by A Data Breach?

If so, please either contact Kehoe Law Firm, P.C. Partner Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or send an e-mail to [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.

Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.

Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs. Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.