Yahoo Has Agreed to Pay $50 Million to Around 200 Million Victims of 2013 and 2014 Massive Data Breaches That The Company Hid for 2 Years.
Yahoo will be paying $50 million in damages along with offering free credit monitoring services to 200 million users in the US and Israel who were affected by the massive 2013 and 2014 security breaches. One of the internet history’s biggest data breaches, the incident affected as many as 3 billion accounts.
“The restitution hinges on federal court approval of a settlement filed late Monday in a 2-year-old lawsuit seeking to hold Yahoo accountable for digital burglaries that occurred in 2013 and 2014, but weren’t disclosed until 2016,” the Associated Press reported.
Related Adidas Starts Alerting a “Few Million Consumers” Whose Data May Have Been Exposed in a Security Breach
The company had failed to disclose the massive security breach while it was negotiating with Verizon for a potential sale. When the news broke about the incident, Yahoo initially suggested that 1 billion accounts were affected. The number was later on updated to 3 billion users. The company also reported a second breach affecting 500 million accounts in 2014.
Yahoo’s mega security breaches were some of the first in the industry that continues to struggle with the security of its consumers’ data. Since then several other companies and even government agencies have disclosed data breaches, with Equifax and Facebook possibly being at the top of the list in terms of the type of information that was accessed during these breaches and security lapses.
Yahoo’s disclosures brought its already negotiated $4.83 billion deal with Verizon Communications down by $350 million. Verizon, which finalized its acquisition last year, will be paying half of the settlement cost, while the rest will be paid by Altaba, the company formed from the leftovers of Yahoo’s sale. Altaba has also paid a $35 million fine imposed by the Securities and Exchange Commission (SEC) for disclosing the breach to investors.
Related Yahoo (Altaba) Finally Charged with “Failing to Disclose Massive Cybersecurity Breach” – Will Pay $35 Million
According to the Associated Press, any “eligible” Yahoo account holder can make a claim for a portion of this $50 million fund if they can prove to have suffered losses due to the security breach. “The costs can include such things as identity theft, delayed tax refunds or other problems linked to having had personal information pilfered during the Yahoo break-ins,” the report added. “The fund will compensate Yahoo account holders at a rate of $25 per hour for time spent dealing with issues triggered by the security breach, according to the preliminary settlement.”
Up to 15 hours of lost time or $375 can be claimed if an account holder has documented losses. Those without documented losses can seek up to five hours or $125 in the settlement. Users who opted for a premium email account will receive a 25 percent refund.
A judge is scheduled to rule on the settlement on Nov 29 in San Jose, California. If approved, notices will be emailed to the affected Yahoo users.
While the news will be welcomed by Yahoo users in the US affected by the breach, it also opens possibilities for holding other tech and financial companies accountable for having lost even more types of personally identifiable data than what was at risk with Yahoo. If approved, this could also set an important precedent for other countries, as well.
