A federal judge rejected a Pennsylvania woman's argument that her employer violated a federal anti-hacking statute when it took control of her LinkedIn account after firing her. The court ruled the harms cited by the plaintiff were too speculative to pass muster under the Computer Fraud and Abuse Act (CFAA).

Linda Eagle was the head of a company called Edcomm when it was acquired in 2010. But relations soured and Eagle was fired the following year. Eagle had shared her LinkedIn password with another Edcomm employee so that she could help Eagle manage the account. When Eagle was shown the door, her former assistant changed the password on her account, freezing Eagle out of it. Edcomm then replaced Eagle's name and picture with the name and photograph of her successor.

Eagle sued in federal court, arguing among other things that the company's actions violated the CFAA. But the court dismissed that argument last week. The CFAA requires the plaintiff to demonstrate she was harmed by the defendant's unauthorized access to a computer system. Eagle had argued the loss of her LinkedIn account damaged her reputation, since she was unable to respond in a timely fashion to messages sent to her on the site. She also claimed that as a result, she lost business opportunities including one valued at more than $100,000.

But the court ruled those were not the kind of harms that triggered liability under the CFAA. "Plaintiff is not claiming that she lost money because her computer was inoperable or because she expended funds to remedy damage to her computer. Rather, she claims that she was denied potential business opportunities as a result of Edcomm's unauthorized access and control over her account." Lost opportunities are "simply not compensable under the CFAA," the court ruled. The court also ruled that reputational harms were not grounds for a CFAA lawsuit.

Additionally, the court dismissed Eagle's argument that replacing her name with that of her successor violated trademark law. However, this case will go forward based on Pennsylvania state law charges.

The obvious lesson of this incident is employers and employees should be sure to establish, in writing, whether a social media account is a personal account or belongs to the employer. And if you have a personal account, it can be risky to share the password with coworkers.