Application Security

9/5/2017
02:10 PM
100%
0%

Judge Rules that Yahoo Breach Victims Can Sue

The 1 billion users who were victims in Yahoo's massive data breaches between 2013 to 2016 received court approval to move forward with their case.

A federal judge gave the green light for plaintiffs in Yahoo's massive data breach case to move forward with their class action lawsuit, according to court documents published by TechRepublic.  

US District Court Judge Lucy Koh handed Yahoo a blow, which had sought to dismiss the class action lawsuit in its entirety. The data breaches at Yahoo between 2013 and 2016 affected more than 1 billion users.

Yahoo claimed the plaintiffs had no right to sue, given they allegedly did not suffer an actual injury; the alleged injury was not "fairly traceable" to the "challenged conduct," and the alleged injury could not be "redressed by a favorable [court] decision."

In her ruling, however, Judge Koh stated that the plaintiffs have adequately alleged these three points. In addressing the first issue, Koh contended that previous court cases have accepted the risk of future identity theft, as well as the loss in value of personal identification information, as sufficient in demonstrating actual injury.

Read more about the Yahoo court ruling here and in TechRepublic's report.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11471
PUBLISHED: 2018-05-25
Cockpit 0.5.5 has XSS via a collection, form, or region.
CVE-2018-11472
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).
CVE-2018-11473
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).
CVE-2018-11474
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.
CVE-2018-11475
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.