Yahoo to pay out £39 million after massive data breach

Yahoo will pay out $50 million (39 million) in damages and offer free credit monitoring services to millions of its users after a data breach in 2013 led to around three billion accounts being compromised by hackers.

According to reports by Associated Press, the money will go to 200 million people affected by the hack. The company agreed to the compensation as part of a court settlement awaiting federal judge approval.

The attack in 2013, thought to be state-sponsored, stole personal details such as names, email addresses, dates of birth, phone numbers and hashed passwords. Yahoo stated that passwords, credit card numbers and bank account information were not stolen in the attack. The breach was not disclosed until 2016.

Yahoo revealed the problem after its sold its business to Verizon Communication. The price was later discounted by $350 million to reflect the problems caused by the breach to reputation.

The settlement will see Verizon paying half the costs with the other half picked up by Altaba Inc., a company set up to hold Yahoo's investments in Asian companies and other assets after the sale. In addition to this, Yahoo will pay $35 million on case-related lawyer fees and offer US users credit monitoring services for two years.

Claims for a part of the compensation fund can be submitted by an eligible Yahoo account user who suffered losses as a result of the breach. Account holders will be compensated at $25 per hour for time spent dealing with problems caused by the breach.

The report said that people with documented losses can ask for up to 15 hours of lost time, or $375.

Premium Yahoo account users who paid up to $50 per year for an email account will be eligible for a 25% refund.