Yahoo has reached a $117.5 million settlement with victims whose personal data – email addresses, passwords, phone numbers, birthdates – was exposed in a breach of 3 billion accounts.
The massive breach affected every Yahoo user account in existence in August 2013, a disclosure that surfaced during the company's integration into Verizon Communications. Yahoo has been criticized for its slow response to three security incidents affecting billions of people between 2013 and 2016, when the breach was reported. The full damage was unknown until October 2017.
In March 2018, Yahoo agreed to pay $80 million in a class-action securities litigation brought by shareholders who said the company purposely misled them about its security practices. It also agreed to pay a $35 million fine to the Securities and Exchange Commission for misleading investors. At the time, a separate class-action suit was being brought by victims of the 2013 breach.
In January 2019, US District Judge Lucy Koh rejected a version of this settlement because it didn't specify the total value or amount victims could expect to receive as a result, Reuters reports. The $117.5 million settlement still requires Koh's approval.
Read more here.
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.