Jump to content

Yahoo Agrees to $80 Million Settlement Over Data Breaches


Recommended Posts

Yahoo has agreed to pay $80 million to settle a federal securities class action lawsuit following the massive data breaches that compromised the personal information of three billion users.





The suit was filed by several shareholders in January 2017, alleging the web services provider intentionally misled them about its cybersecurity practices, in turn, causing the company’s stock prices to drop.


According to reports, it is still unclear whether the proposed settlement will close the case, as one of the named plaintiffs in the suit did not agree to it.


The settlement includes all those who purchased or acquired Yahoo securities on the open market between April 30, 2013, and Dec. 14, 2016.


In the second half of 2016, Yahoo disclosed two massive breaches that compromised user account data, including names, email addresses, telephone numbers, dates of birth and hashed passwords.


Initially, the company reported a 2014 breach, which it said had impacted roughly 500 million user accounts. Months later, it announced a separate breach that dated back to 2013.


At the time, Yahoo said it believed one billion user accounts had been affected but it wasn’t until October 2017 that it confirmed that all three billion of its user accounts had been impacted.


If the court approves the settlement, it will mark the first recovery in a shareholder lawsuit involving a data breach.


Meanwhile, experts argue Yahoo will continue to face the fallout from the breaches that occurred several years ago.



“This is likely not the last loss of Yahoo related to the breach: reputational damage is ongoing, and new lawsuits may be filed in other jurisdictions or by victims who opted out from the class action,” Ilia Kolochenki, CEO at Hi-Tech Bridge, told Infosecurity Magazine.


Despite the incidents, Verizon acquired Yahoo for $4.48 billion last year – $350 million less than the original $4.8 billion offer after the breaches were disclosed.



Link to comment
Share on other sites

  • Replies 2
  • Views 409
  • Created
  • Last Reply


Looks like Yahoo users can sue Yahoo for that data breach. See below...


Data breach victims can sue Yahoo in the United States

March 12, 2018
(Reuters) - Yahoo has been ordered by a federal judge to face much of a lawsuit in the United States claiming that the personal information of all 3 billion users was compromised in a series of data breaches.

In a decision on Friday night, U.S. District Judge Lucy Koh in San Jose, California rejected a bid by Verizon Communications Inc, which bought Yahoo’s Internet business last June, to dismiss many claims, including for negligence and breach of contract.


Koh dismissed some other claims. She had previously denied Yahoo’s bid to dismiss some unfair competition claims.


Yahoo was accused of being too slow to disclose three data breaches that occurred from 2013 and 2016, increasing users’ risk of identity theft and requiring them to spend money on credit freeze, monitoring and other protection services.


The breaches were revealed after New York-based Verizon agreed to buy Yahoo’s Internet business, and prompted a cut in the purchase price to about $4.5 billion.


A Verizon spokesman had no immediate comment on Monday. A lawyer for the plaintiffs did not immediately respond to requests for comment.


The plaintiffs amended their complaint after Yahoo last October revealed that the 2013 breach affected all 3 billion users, tripling its earlier estimate.

Koh said the amended complaint highlighted the importance of security in the plaintiffs’ decision to use Yahoo.


“Plaintiffs’ allegations are sufficient to show that they would have behaved differently had defendants disclosed the security weaknesses of the Yahoo Mail System,” Koh wrote.


She also said the plaintiffs could try to show that liability limits in Yahoo’s terms of service were “unconscionable,” given the allegations that Yahoo knew its security was deficient but did little.


In seeking a dismissal, Yahoo said it has long been the target of “relentless criminal attacks,” and the plaintiffs’ “20/20 hindsight” did not cast doubt on its “unending” efforts to thwart “constantly evolving security threats.”


Last March, U.S. prosecutors charged two Russian intelligence agents and two hackers in connection with one of the Yahoo breaches.


One accused hacker, Karim Baratov, a Canadian born in Kazakhstan, pleaded guilty in November to aggravated identity theft and conspiracy charges. The other defendants remained at large in Russia.


The case is In re: Yahoo Inc Customer Data Security Breach Litigation, U.S. District Court, Northern District of California, No. 16-md-02752.



Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...