Church Sues Zoom After 'Utter Failure in Providing Security' During Hacked Bible Class

A church in San Francisco filed a class-action lawsuit against Zoom Video Communications Wednesday after a virtual bible class was allegedly hacked and those participating in the class were forced to watch pornographic videos.

The company has been the subject of several lawsuits filed since Americans have increasingly been using virtual meeting technology to conduct business, recreational and religious activities during the novel coronavirus pandemic. In the lawsuit, filed Wednesday by the Saint Paulus Lutheran Church and one of its administrators, Zoom was accused of "utter failure in providing security" after one of the church's bible study classes was hacked on May 6.

"Zoom prioritizes profit and revenue over data protection and user security while millions of users in the United States registered with Zoom based on its false advertisements and rely on Zoom's platform to conduct their business during this pandemic," the lawsuit claimed.

According to the lawsuit, members of the bible study class were logged in to a password-protected virtual meeting space when another individual allegedly hacked into the gathering and began playing pornographic videos. The lawsuit alleged the study group was unable to turn off the videos and decided to end their class early after it was hacked a second time just minutes later.

Zoom Headquarters
Facade with sign at headquarters of videoconferencing, remote work, and webinar technology company Zoom (ZM) in the Silicon Valley, San Jose, California, March 28, 2020. A church in San Francisco filed a lawsuit against Zoom on Wednesday, alleging the company's failures in security enabled a hacker to access a bible class. Smith Collection/Gado/Getty Images

After alerting Zoom of the incident, the church administrator received a response from the company identifying the hacker as "a known serial offender" who had been "reported multiple times to the authorities," the lawsuit said. When further action was not taken by the company to address the incident, the church notified local and federal law enforcement agencies about the hacking, the lawsuit said.

Though the lawsuit said the bible study class of nine comprised mostly of senior citizens, it cited other cases in which children were targeted by Zoom hackers, including a college class in California and a meeting of high school students and families in Kentucky. Reports of incidents like these led the FBI to warn Americans who turned to virtual meeting spaces during the pandemic of the potential for hackers to break into the meetings.

In a late March press release, the FBI said it had received "multiple reports" of hacking incidents and identified Zoom specifically as a platform on which "Zoom-bombing" could occur.

Citing a Zoom security document, the lawsuit said the company did not protect those using its platform in spite of password protections and other assurances that meeting hosts would have control over who accessed the virtual meeting space. According to Zoom, the company has been working to address hacking incidents in recent months and has in blog posts identified privacy and security as two of its focuses for advancement.

Even so, the lawsuit said Zoom's alleged negligence, violation of privacy and breach of implied contract were among the church's causes for filing a class action suit, with questions of financial benefits also raised in the court filing.

"Zoom's promises of data privacy and security are false," the lawsuit said.

A Zoom spokesperson addressed the lawsuit in a statement shared Thursday with Newsweek. "We were deeply upset to hear about this incident, and our hearts go out to those impacted by this horrific event," the spokesperson said. "Words cannot express how strongly we condemn such behavior. On the same day we learned of this incident, we identified the offender, took action to block their access to the platform and reported them to the relevant authorities.

"We encourage users to report any incidents of this kind either to Zoom so we can take appropriate action or directly to law enforcement authorities. We also encourage all meeting hosts to take advantage of Zoom's recently updated security features and follow other best practices, including making sure not to broadly share meeting IDs and passwords online, as appeared to be the case here."

This story has been updated with a statement from Zoom.