Application Security

9/5/2017
02:10 PM
100%
0%

Judge Rules that Yahoo Breach Victims Can Sue

The 1 billion users who were victims in Yahoo's massive data breaches between 2013 to 2016 received court approval to move forward with their case.

A federal judge gave the green light for plaintiffs in Yahoo's massive data breach case to move forward with their class action lawsuit, according to court documents published by TechRepublic.  

US District Court Judge Lucy Koh handed Yahoo a blow, which had sought to dismiss the class action lawsuit in its entirety. The data breaches at Yahoo between 2013 and 2016 affected more than 1 billion users.

Yahoo claimed the plaintiffs had no right to sue, given they allegedly did not suffer an actual injury; the alleged injury was not "fairly traceable" to the "challenged conduct," and the alleged injury could not be "redressed by a favorable [court] decision."

In her ruling, however, Judge Koh stated that the plaintiffs have adequately alleged these three points. In addressing the first issue, Koh contended that previous court cases have accepted the risk of future identity theft, as well as the loss in value of personal identification information, as sufficient in demonstrating actual injury.

Read more about the Yahoo court ruling here and in TechRepublic's report.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
White Hat to Black Hat: What Motivates the Switch to Cybercrime
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
PGA of America Struck By Ransomware
Dark Reading Staff 8/9/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Now about that mortgage refinance offer from Wells Fargo .....
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-2446
PUBLISHED: 2018-08-14
Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure.
CVE-2018-2447
PUBLISHED: 2018-08-14
SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database.
CVE-2018-2448
PUBLISHED: 2018-08-14
Admin tools in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, allows an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure.
CVE-2018-2449
PUBLISHED: 2018-08-14
SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying.
CVE-2018-2450
PUBLISHED: 2018-08-14
SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database.