A U.S. federal judge has ruled in favor of China search engine giant Baidu, allowing the company to proceed with its lawsuit against Register.com for negligence.
The ruling followed Register.com’s arguments in March, claiming the suit was not valid because the master services agreement barred claims relating to employee mistakes except in cases of gross negligence. The suit is a result of January’s hack of Baidu by the Iranian Cyber Army, causing Baidu to lose control of the domain for five hours. Register employees failed to respond to direct contacts from Baidu employees attempting to correct the problem.
“I hold that Baidu has alleged sufficient facts in its complaint to give rise to a plausible claim of gross negligence or recklessness,” wrote U.S. Judge Denny Chin. “If these facts are proven they would provide a sufficient basis for a jury to find that Register acted in a grossly negligent or reckless manner, in which event the limitation of liability clause in the MSA would be ineffective.”
The judge cited four other reasons for his decision, largely stemming from negligence on the part of Register employees. The intruder provided an invalid security code and an incorrect response to a security question, yet the Register employee still altered Baidu’s account email. The rep also provided the hacker with Baidu’s user name and did not notice the provided email was actually hosted by Baidu’s rival, Google.
“If these allegations are proven, then Register failed to follow its own security protocols and essentially handed over control of Baidu’s account to an unauthorized intruder, who engaged in cyber vandalism,” Chin wrote. “On these facts, a jury surely could find that Register acted in a grossly negligent or reckless manner.”