Yahoo to pay out £39 million after massive data breach
Affected users will get free credit monitoring service as well
Yahoo will pay out $50 million (39 million) in damages and offer free credit monitoring services to millions of its users after a data breach in 2013 led to around three billion accounts being compromised by hackers.
According to reports by Associated Press, the money will go to 200 million people affected by the hack. The company agreed to the compensation as part of a court settlement awaiting federal judge approval.
The attack in 2013, thought to be state-sponsored, stole personal details such as names, email addresses, dates of birth, phone numbers and hashed passwords. Yahoo stated that passwords, credit card numbers and bank account information were not stolen in the attack. The breach was not disclosed until 2016.
Yahoo revealed the problem after its sold its business to Verizon Communication. The price was later discounted by $350 million to reflect the problems caused by the breach to reputation.
The settlement will see Verizon paying half the costs with the other half picked up by Altaba Inc., a company set up to hold Yahoo's investments in Asian companies and other assets after the sale. In addition to this, Yahoo will pay $35 million on case-related lawyer fees and offer US users credit monitoring services for two years.
Claims for a part of the compensation fund can be submitted by an eligible Yahoo account user who suffered losses as a result of the breach. Account holders will be compensated at $25 per hour for time spent dealing with problems caused by the breach.
The report said that people with documented losses can ask for up to 15 hours of lost time, or $375.
Premium Yahoo account users who paid up to $50 per year for an email account will be eligible for a 25% refund.
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now