When Heddi Cundle and eight other members of Saint Paulus Lutheran Church in San Francisco logged onto Zoom on May 6 for a Bible study, they were greeted by the unexpected: child pornography.
The graphic sexual acts were an example of “Zoombombing,” a hacking phenomenon that has taken off during the coronavirus shutdowns. Here, as in many other cases, Cundle’s call, which normally only featured people involved in group scriptural exegesis, was taken over by an intruder who subjected its participants to a graphic video showing adults engaged in sexual activity, as well as depictions of child and infant sexual abuse.
As long as the video was playing, Cundle had no control over the call. And when she attempted to move on, it occurred again, forcing her to end it as soon as possible.
She reached out to Zoom, one of the most popular teleconferencing providers, reported the incident, and asked that it tighten its security. The company, after reviewing the complaint, informed Cundle that this act had been perpetrated by a “serial offender” who had been “reported multiple times to the authorities.”
Unsatisfied with this explanation, Cundle asked for Zoom to reassure her that it would not happen again and that the company was taking serious steps against Zoombombers. She did not receive a response. So, on Wednesday night, Cundle filed a class-action lawsuit in San Jose, where Zoom is based, on behalf of the church, as well as other people affected by Zoombombing.
In her complaint, Cundle alleged that the company, by repeatedly allowing hackers to subject religious people to pornography, “prioritizes profit and revenue over data protection and user security.” Cundle also alleged that Zoom had sold her personal information illegally, a complaint many people have expressed since the number of Zoom users soared in March.
Albert Chang, one of the attorneys representing the church members, told the Washington Examiner that, considering the traumatic nature of what happened, they are pushing for Zoom to pay for counseling and other damages that resulted from the experience.
“This violation of the church’s sanctity was a direct result of Zoom prioritizing profit over user security,” Chang said. “Saint Paulus looks forward to proving its case in court on behalf of all victims of Zoom’s deceptive business practices and holding Zoom accountable for its misconduct.”
The experiences of Saint Paulus’s members are not isolated. Zoombombing has become a widespread problem as nearly all church congregations have been forced to move their services online by government stay-at-home orders.
In April, a Unitarian church in Waco, Texas, was Zoombombed during a service with a similar pornographic video, featuring child abuse. Kris Cervantes, a minister at the church, told the Waco Tribune-Herald that the incident was not only scarring, but that it tested her faith.
“It is difficult not to wish for vengeance in this case,” she said.
Another member of the church, Jeff Martin-Moreno, said that when the video began playing, his first impulse was to cover his screen and shield his eyes.
“I have seen a lot,” he said. “Never in my life have I ever seen anything like that. It was very jarring.”
Churches in Montana, Massachusetts, and California, among other states, have been subject to Zoombombings. Not all of the intrusions have been sexual. Some hackers, breaking into black congregations, have piped racist messages and images into people’s screens. Others, cracking into synagogues meeting online, have broadcast anti-Semitic slurs.
During an April service at Tabernacle Congregational Church in Salem, Massachusetts, several hackers took over the feed with images of burning crosses, Ku Klux Klansmen, and racist songs playing in the background. Police and the FBI said they are investigating the incident as a possible hate crime.
Amid complaints from businesses, schools, and many other people meeting online, Zoom has weathered a series of lawsuits in the past several months. In most cases, they have alleged that Zoom has been a faulty platform, allowing hackers to easily break into meetings, raising concerns about the company’s data security.
Cundle’s lawsuit, however, frames the grievances of churches on a different plane, alleging that by failing to protect their data, Zoom is endangering institutions whose “importance” and “sanctity” during the pandemic “cannot be overstated.”
