Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

4/9/2019
11:00 AM
50%
50%

Yahoo Reaches $117.5M Breach Accord Following Failed Settlement

An adjusted settlement between Yahoo and the victims of its massive data breach is still awaiting approval.

Yahoo has reached a $117.5 million settlement with victims whose personal data – email addresses, passwords, phone numbers, birthdates – was exposed in a breach of 3 billion accounts.

The massive breach affected every Yahoo user account in existence in August 2013, a disclosure that surfaced during the company's integration into Verizon Communications. Yahoo has been criticized for its slow response to three security incidents affecting billions of people between 2013 and 2016, when the breach was reported. The full damage was unknown until October 2017.

In March 2018, Yahoo agreed to pay $80 million in a class-action securities litigation brought by shareholders who said the company purposely misled them about its security practices. It also agreed to pay a $35 million fine to the Securities and Exchange Commission for misleading investors. At the time, a separate class-action suit was being brought by victims of the 2013 breach.

In January 2019, US District Judge Lucy Koh rejected a version of this settlement because it didn't specify the total value or amount victims could expect to receive as a result, Reuters reports. The $117.5 million settlement still requires Koh's approval.

Read more here.

 

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Dr Guy Bunker
50%
50%
Dr Guy Bunker,
User Rank: Author
4/15/2019 | 10:53:49 AM
Yahoo Breach Settlement
The thing to highlight here is that slow notification - or no notification at all - is no longer tolerable. Especially under GDPR, having a quick notification plan in place will be the difference between a fine and a 4% global turnover fine!
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/10/2019 | 9:31:59 AM
Re: That took quite a long time
Lawyers
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
4/9/2019 | 3:10:29 PM
That took quite a long time
Hopefully this completes per the last caveat in the article but it seems like this took quite some time considering the breach was in 2013. What were some of the main factors that held this up?
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Cognitive Bias Can Hamper Security Decisions
Kelly Sheridan, Staff Editor, Dark Reading,  6/10/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12855
PUBLISHED: 2019-06-16
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
CVE-2013-7472
PUBLISHED: 2019-06-15
The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.
CVE-2019-12839
PUBLISHED: 2019-06-15
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
CVE-2019-12840
PUBLISHED: 2019-06-15
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
CVE-2019-12835
PUBLISHED: 2019-06-15
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.