Today we are talking about the Yahoo Data Breach Settlement. Yahoo first disclosed an unauthorized third-party breach which compromised 500 million accounts, before discovering another state-sponsored attack which compromised additional accounts.
The $117.5 million settlement represents one of the largest common funds ever obtained in data breach litigation. It settled class action litigation brought under In re: Yahoo! Inc. Customer Data Security Breach Litigation as well as state court action (Yahoo! Inc. Private Information Disclosure Cases (JCCP No 4895).
Introduction
Yahoo acknowledged in September 2016 that an unknown state-sponsored actor had conducted a data breach which resulted in the theft of personal data of 500 million users, as well as malicious actors having gained entry to Yahoo servers again in 2014 to steal more personal data, such as names, email addresses, telephone numbers, birth dates, passwords and security questions and answers, among other details.
These breaches led to a $117.5 million class action settlement, congressional inquiries, and serious implications for Verizon Communications’ acquisition of Yahoo. Additionally, these breaches raised serious concerns that Yahoo had failed adequately to protect customer personal information while not timely informing users of breach incidents.
The Yahoo Data Breach Settlement brings to a conclusion a class action lawsuit on behalf of individuals whose personal data was breached and sold on the dark web, providing cash reimbursements for out-of-pocket expenses as well as two years’ credit monitoring through AllClearID. If you own a Yahoo account in either the US or Israel, and reside within these jurisdictions, filing a claim could be eligible.
Is a Yahoo Data Breach Settlement Right for You?
This settlement resolves claims against Yahoo for failing to disclose three separate data breaches and includes a $117 million fund for out-of-pocket expenses and credit monitoring services.
In 2014, hackers gained access to 500 million Yahoo accounts, taking names, email addresses, phone numbers, birth dates, and passwords from them. Malicious actors then employed fake cookies in 2015 and 2016 in order to access these email accounts without using passwords – bypassing password protection altogether!
Under the terms of its settlement agreement with Oath, Yahoo must strengthen its security practices, increase team headcount and budget allocation for information security teams, implement NIST cybersecurity frameworks, and strengthen security practices to better safeguard personal information. This represents a substantial commitment toward safeguarding you.
If you receive benefits from the settlement, it may require you to waive your right to sue Defendants in this lawsuit for claims related to Data Breaches. You may opt out by sending a letter to the Settlement Administrator asking to be excluded; for more detailed instructions on this subject see FAQs 27-29.
How to Negotiate a Yahoo Data Breach Settlement
If one of Yahoo’s significant data breaches affected you, compensation might be available. A Washington DC, Maryland or Virginia Yahoo data breach lawyer could assist with filing your claim and making sure it gets through quickly and smoothly.
Yahoo announced in 2014 that its systems had been compromised, leading to compromised names, emails addresses, birth dates, phone numbers, security questions/answers/passwords; hackers also stole personal data related to bank accounts, medical records, and social security numbers.
This settlement, totalling an estimated $117.5 million, will compensate victims who can demonstrate they were injured from data breaches. They will receive two years of credit monitoring with AllClearID including theft insurance coverage as well as cash compensation to cover out-of-pocket costs associated with identity fraud management services, such as attorney fees.
U.S. District Judge Lucy Koh, who rejected the settlement’s initial version in January, made changes in response to her concerns. Yahoo will present their revised proposal before her for approval at a hearing scheduled for Nov 29 in San Jose, California. In addition, Yahoo must implement changes into their business practices which increase security of personal information held within its databases.
10 Tips for Your Yahoo Data Breach Settlement
Yahoo has come to an agreement to compensate users impacted by multiple data breaches with compensation of two years’ credit monitoring service and cash compensation for out-of-pocket expenses incurred due to these hacks, such as identity theft protection or credit freeze services. Additionally, reimbursement will also cover fees paid out related to those breaches such as identity theft protection or freeze services that provide services such as identity protection or freeze services.
Lawyers representing the plaintiffs claim this settlement to be one of the largest ever reached in a class action data breach lawsuit. On top of credit monitoring and cash payouts, Yahoo has agreed to invest an estimated $306 million over five years towards information security – five times what was spent between 2013 and 2016.
Signing up for the settlement by July 20, 2020 is still possible, though your actual payout amounts may differ significantly from those advertised online due to high claim submission volumes – similar to Equifax claim settlement site which quickly reached maximum capacity with submissions.
Conclusion
Since 2013, hackers were able to gain entry to billions of Yahoo accounts, accessing email, calendar, and contact data without their users knowing. A class action settlement covers three hacks from 2013 that affected 3 billion users; another from 2014 (although Yahoo says no data was taken at this point); and finally one in 2016 which compromised millions more accounts and breached user contracts for premium or small business services on Yahoo. Settlement terms include credit monitoring services as well as alternative compensation payments to users with subscriptions paid for Yahoo premium services or reimbursement of fees from users who had paid for premium or small business services on Yahoo.
Court of Claims found these benefits essential, given “Yahoo’s history of nondisclosure and lack of transparency” surrounding its Data Breaches. Furthermore, Court found Yahoo’s settlement offer fair, adequate, and reasonable given the relief provided to class members as well as any non-monetary business practice changes Yahoo and Oath agreed to implement.
Submit your request to opt out of the Yahoo Data Breach Settlement by September 20, 2022 and you will no longer be eligible for any of its benefits (free credit monitoring and alternative compensation, for instance). Additionally, by opting-out you give up the right to sue defendants in this lawsuit over Data Breaches.
