Yahoo’s $117 million data breach settlement rubber-stamped

Eligible users can claim up to an estimated $100 following the compromise of data in several major breaches

Authorities have finalised a compensation package with Yahoo several years after its users were affected by a host of massive historic data breaches between 2012 and 2016.

A proposed package of $117.5 million (£89.9 million) is close to being finalised, subject to final approval by US judges, with those eligible able to claim as much as $358.80 (£276.56). Although approximately three billion users across the world were affected by the breach, compensation will only be available to 194 million US and Israeli users.

To claim compensation users must complete a claims form by 20 July, and supply several details including the Yahoo address that was used when the breach occurred. The victims have been divided into account holders, paid users, small business users and Israeli users.

The money available translates to roughly 60 cents (46p) per user should each individual successfully claim compensation through the scheme, although given the barriers to claim the money, Yahoo is estimating that individuals are likely to receive up to $100 (£77).

Related Resource

Strengthen your defences against cybercrime

Cyber resilience planning for email

Download now

To successfully claim from the multi-million-dollar pot, users must demonstrate they have a minimum of two years of credit monitoring. Moreover, the up-to-$100 cash payments can be paid to users who have had at least 12 months of credit monitoring. 

There’s additional compensation available for things such as having spent time dealing with the fallout of the data breaches, and out-of-pocket costs that users had to pay as a result of having their information stolen. Small business customers and premium users may also claim reimbursement for some of Yahoo’s paid-for services.

Action was taken in 2018 to seek to “redress Yahoo’s unlawful and negligent disclosure” of millions of Yahoo account holders’ information, including names, email addresses, passwords, and in some cases encrypted or unencrypted security questions and answers.

The company had initially offered to pay out $50 million (£39 million) in October 2018, as well as offer free credit monitoring, but the proposals were rejected and negotiations over an acceptable figure were resumed.

The class action lawsuit also covers a 2012 security breach, a 2014 hack that affected more than 500 million accounts, as well as a breach that spanned between 2015 and 2016, in which hackers compromised 32 million email accounts.

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Most Popular

RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Square to acquire Afterpay for $29 billion
mergers and acquisitions

Square to acquire Afterpay for $29 billion

2 Aug 2021
Zyxel USG Flex 200 review: A timely and effective solution
Security

Zyxel USG Flex 200 review: A timely and effective solution

28 Jul 2021