Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

4/9/2019
11:00 AM
50%
50%

Yahoo Reaches $117.5M Breach Accord Following Failed Settlement

An adjusted settlement between Yahoo and the victims of its massive data breach is still awaiting approval.

Yahoo has reached a $117.5 million settlement with victims whose personal data – email addresses, passwords, phone numbers, birthdates – was exposed in a breach of 3 billion accounts.

The massive breach affected every Yahoo user account in existence in August 2013, a disclosure that surfaced during the company's integration into Verizon Communications. Yahoo has been criticized for its slow response to three security incidents affecting billions of people between 2013 and 2016, when the breach was reported. The full damage was unknown until October 2017.

In March 2018, Yahoo agreed to pay $80 million in a class-action securities litigation brought by shareholders who said the company purposely misled them about its security practices. It also agreed to pay a $35 million fine to the Securities and Exchange Commission for misleading investors. At the time, a separate class-action suit was being brought by victims of the 2013 breach.

In January 2019, US District Judge Lucy Koh rejected a version of this settlement because it didn't specify the total value or amount victims could expect to receive as a result, Reuters reports. The $117.5 million settlement still requires Koh's approval.

Read more here.

 

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Dr Guy Bunker
50%
50%
Dr Guy Bunker,
User Rank: Author
4/15/2019 | 10:53:49 AM
Yahoo Breach Settlement
The thing to highlight here is that slow notification - or no notification at all - is no longer tolerable. Especially under GDPR, having a quick notification plan in place will be the difference between a fine and a 4% global turnover fine!
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/10/2019 | 9:31:59 AM
Re: That took quite a long time
Lawyers
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
4/9/2019 | 3:10:29 PM
That took quite a long time
Hopefully this completes per the last caveat in the article but it seems like this took quite some time considering the breach was in 2013. What were some of the main factors that held this up?
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7822
PUBLISHED: 2020-08-04
DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
CVE-2020-7823
PUBLISHED: 2020-08-04
DaviewIndy has a Memory corruption vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
CVE-2020-6012
PUBLISHED: 2020-08-04
ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. A sophisticated timed attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems.
CVE-2019-20001
PUBLISHED: 2020-08-04
An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges.
CVE-2020-15467
PUBLISHED: 2020-08-04
The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise.