Yahoo offers $117.5m settlement for 2013 monster hack

This revised proposition translates to just four cents apiece across all three billion compromised accounts


Yahoo has offered a settlement nearing £100 million to victims whose personal details were stolen by hackers in the world's largest data breach.

The web giant has proposed a $117.5 million (£89.9 million) class-action settlement as recompense to the victims of a massive hack in 2013 that saw attackers steal account details and unencrypted security information.


But the offer will only cover a portion of the three billion victims, approximately 896 million accounts and no more than 194 million individuals in the US and Israel, according to documents filed this week.

This roughly translates to less than 60 cents per class action member, and if the settlement were to be spread across all three billion compromised accounts, just four cents each.

But the full payout also includes lawyers' fees of up to $30 million, $6 million in administrative costs, and costs and expenses of no more than $2.5 million. The named plaintiffs representing all 896 accounts will then be able to individually claim up to $7,500 as compensation.

Meanwhile, the individual members of the class action will have to settle for either two years of credit monitoring, estimated at $24 million collectively, or a fixed $100 figure for those who've already undergone credit monitoring. Small business and paid account users, meanwhile, could receive a payout of $500.


Yahoo previously offered a settlement last October, which Judge Lucy Koh struck down in January because it was not deemed "fair, reasonable and adequate" as required by law.

This was also due to the high share of lawyers' fees, $35 million, and confusion over how much victims may recover from the proposed package. The revised settlement offer must also gain Koh's approval before any payouts can begin.

As part of the settlement, US telecoms giant Verizon, which owns Yahoo, has also offered to spend $306 million over the next four years on information security. This includes $108 million for 2019, and at least $66 million per year until 2022.

The parent company has also committed to more than quadruple Yahoo's staffing in this area to 200 through to 2022, against staffing levels at 'legacy Yahoo'.

Yahoo sustained three significant data breaches between 2013 and 2016, the largest of which is the subject of this lawsuit and saw personal information taken from all three billion compromised accounts.


CEO of web security firm High-Tech Bridge Ilia Kolochenko branded the $117.5 million sum "embarrassingly modest" given the scale and severity of the incident.

"It's pretty widespread for class actions that usually enrich the attorneys, not the victims," he said. "Otherwise, the settlement conveys an illusory message of relatively modest penalties for negligent data protection.

"In 2019, even a less severe breach is capable of exposing your company to incomparably severe and harsh sanctions in different jurisdictions. We have to take cybersecurity seriously or pay a considerable price."

The Information Commissioner's Office (ICO) previously fined Yahoo's UK branch £250,000 for failing to secure the personal information of 515,000 British users during a separate hack that took place in 2014.

IT Pro has contacted Verizon Media for a statement.
