Judge denies Yahoo's bid to dismiss data breach lawsuits

Verizon-owned Yahoo must defend itself against data breach claims

A US federal judge has ordered Yahoo to face legal action over a series of data breaches that exposed the personal data of three billion users.

US District judge Lucy Koh rejected a bid from Verizon Communications, the firm that bought Yahoo's internet business in June last year, to dismiss a number of claims, including for negligence and breach of contract. However, some other claims were dismissed.

Advertisement - Article continues below

Plaintiffs accused Yahoo of taking too long to disclose three data breaches that occurred from 2013 and 2016. Yahoo eventually admitted the breaches, but only when it had agreed to be acquired by Verizon, leading to Verizon dramatically reducing its bid.

The filing mentions several customers whose data was breached by criminals and used to file fraudulent tax returns or credit card charges. Others had to purchase credit monitoring services to check on their credit and finances.

However, Yahoo moved to dismiss many claims including those for negligence and breach of contract. An amended complaint from plaintiffs came after Yahoo raised its estimates over the extent of compromised accounts.

In a 48-page decision published last Friday, Koh said that the arguments raised in Yahoo's motion to dismiss - such as criticising users for not reading its privacy policy and for continuing to use Yahoo Mail after the attacks - were "unpersuasive". She added that the amended complaint showed that security was an important factor in plaintiffs' decision to use Yahoo.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"Plaintiffs' allegations are sufficient to show that they would have behaved differently had defendants disclosed the security weaknesses of the Yahoo Mail System," Koh said.

Koh added that customers may have "taken measures to protect themselves" if they were aware of the breaches sooner.

The judge agreed to dismiss claims of violations of California's unfair competition law, but upheld the claim of another plaintiff who had paid for Yahoo's premium email service.

"Even if his annual fee did not provide for security measures above and beyond those for free accounts, Plaintiff Mortensen pleads that Defendants' representations about security formed part of the reason for him to use Yahoo! Mail in the first place and to pay $19.95 per year for the premium email service," Koh said.

Overall, the judge denied Yahoo 10 motions to dismiss while granting six, meaning that Yahoo will have to defend itself in court or make a settlement.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/security/privacy/355048/government-may-trace-covid-19-patients-using-mobile-phone-data
privacy

UK government may trace COVID-19 patients using mobile phone data

20 Mar 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354842/irish-data-regulator-racks-up
General Data Protection Regulation (GDPR)

Irish data regulator racks up GDPR cases against Big Tech

24 Feb 2020
Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/security/privacy/355155/zoom-kills-facebook-integration-after-data-transfer-backlash
privacy

Zoom kills Facebook integration after data transfer backlash

30 Mar 2020
Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/security/data-breaches/355173/marriott-hit-by-data-breach-exposing-personal-data-of-52-million
data breaches

Marriott data breach exposes personal data of 5.2 million guests

31 Mar 2020
Visit/security/cyber-crime/355171/fbi-warns-of-zoom-bombing-hackers-amidst-coronavirus-usage-spike
cyber crime

FBI warns of ‘Zoom-bombing’ hackers amid coronavirus usage spike

31 Mar 2020