Yahoo will be paying $50 million in damages along with offering free credit monitoring services to 200 million users in the US and Israel who were affected by the massive 2013 and 2014 security breaches. One of the internet history's biggest data breaches, the incident affected as many as 3 billion accounts.
"The restitution hinges on federal court approval of a settlement filed late Monday in a 2-year-old lawsuit seeking to hold Yahoo accountable for digital burglaries that occurred in 2013 and 2014, but weren’t disclosed until 2016," the Associated Press reported.
The company had failed to disclose the massive security breach while it was negotiating with Verizon for a potential sale. When the news broke about the incident, Yahoo initially suggested that 1 billion accounts were affected. The number was later on updated to 3 billion users. The company also reported a second breach affecting 500 million accounts in 2014.
Yahoo's mega security breaches were some of the first in the industry that continues to struggle with the security of its consumers' data. Since then several other companies and even government agencies have disclosed data breaches, with Equifax and Facebook possibly being at the top of the list in terms of the type of information that was accessed during these data breaches and security lapses.
Yahoo's disclosures brought its already negotiated $4.83 billion deal with Verizon Communications down by $350 million. Verizon, which finalized its acquisition last year, will be paying half of the settlement cost, while the rest will be paid by Altaba, the company formed from the leftovers of Yahoo's sale. Altaba has also paid a $35 million fine imposed by the Securities and Exchange Commission (SEC) for failing to disclose the breach to investors.
Who will get paid by Yahoo
According to the Associated Press, any "eligible" Yahoo account holder can make a claim for a portion of this $50 million fund if they can prove to have suffered losses due to the security breach. "The costs can include such things as identity theft, delayed tax refunds or other problems linked to having had personal information pilfered during the Yahoo break-ins," the report added. "The fund will compensate Yahoo account holders at a rate of $25 per hour for time spent dealing with issues triggered by the security breach, according to the preliminary settlement."
Up to 15 hours of lost time or $375 can be claimed if an account holder has documented losses. Those without documented losses can seek up to five hours or $125 in the settlement. Users who opted for a premium email account will receive a 25 percent refund.
A judge is scheduled to rule on the settlement on Nov 29 in San Jose, California. If approved, notices will be emailed to the affected Yahoo users.
While the news will be welcomed by Yahoo users in the US affected by the breach, it also opens possibilities for holding other tech and financial companies accountable for having lost even more types of personally identifiable data than what was at risk with Yahoo. If approved, this could also set an important precedent for other countries, as well.
In the storystream:
- Apr, 2018: Yahoo (Altaba) Finally Charged with “Failing to Disclose Massive Cybersecurity Breach” – Will Pay $35 Million
- Nov, 2017: NSA's Spying Obsession - How Lawmakers Could Use Yahoo & Equifax Breaches to Get the Agency More Powers
- Nov, 2017: Canadian Hacker Pleads Guilty to Conspiring with Russian Agents in Massive Yahoo Hack
- Oct, 2017: Yahoo Now Says ALL 3 Billion Accounts Were Compromised by the Massive Breach
- Mar, 2017: DoJ Charges Russian Spies Over Yahoo Hack - Data Was Used to Access Russian Journalists & Gov Officials' Accounts
- Mar, 2017: 32 Million Yahoo Accounts Affected in Yet Another Breach - Mayer Won't Receive Her Cash Bonus
- Feb, 2017: Yahoo Now Reporting a Third Attack, Again Blames "State-Sponsored" Hackers
- Feb, 2017: Senators Grill Yahoo Over Ducking Lawmakers' Questions - Demand Answers by Feb 23
- Jan, 2017: SEC Is Investigating Why Yahoo Took So Long to Disclose Its Massive Data Breaches
- Dec, 2016: Hackers Sold Yahoo's 1 Billion User Database for Just $300,000 on Dark Web
- Dec, 2016: Following Another Massive Data Breach, Experts Warn Not to Trust Yahoo Anymore - Here's How to Delete Your Account
- Dec, 2016: New Hack Record? Yahoo Says "More Than 1 Billion" User Accounts Breached in New Attack
- Nov, 2016: Yahoo Admits Staff Was Aware of the State-Sponsored Hack in 2014
- Sept, 2016: "State-Sponsored" Actors Hacked into Yahoo and Stole Data of over 500 Million Users
- Sept, 2016: Yahoo to Confirm Massive Data Breach Affecting 200 Million Users - Chaos for the New Owners?