Yahoo’s $117 million data breach settlement rubber-stamped

Eligible users can claim up to an estimated $100 following the compromise of data in several major breaches

Authorities have finalised a compensation package with Yahoo several years after its users were affected by a host of massive historic data breaches between 2012 and 2016.

A proposed package of $117.5 million (£89.9 million) is close to being finalised, subject to final approval by US judges, with those eligible able to claim as much as $358.80 (£276.56). Although approximately three billion users across the world were affected by the breach, compensation will only be available to 194 million US and Israeli users.

To claim compensation users must complete a claims form by 20 July, and supply several details including the Yahoo address that was used when the breach occurred. The victims have been divided into account holders, paid users, small business users and Israeli users.

The money available translates to roughly 60 cents (46p) per user should each individual successfully claim compensation through the scheme, although given the barriers to claim the money, Yahoo is estimating that individuals are likely to receive up to $100 (£77).

Related Resource

Strengthen your defences against cybercrime

Cyber resilience planning for email

Download now

To successfully claim from the multi-million-dollar pot, users must demonstrate they have a minimum of two years of credit monitoring. Moreover, the up-to-$100 cash payments can be paid to users who have had at least 12 months of credit monitoring. 

There’s additional compensation available for things such as having spent time dealing with the fallout of the data breaches, and out-of-pocket costs that users had to pay as a result of having their information stolen. Small business customers and premium users may also claim reimbursement for some of Yahoo’s paid-for services.

Action was taken in 2018 to seek to “redress Yahoo’s unlawful and negligent disclosure” of millions of Yahoo account holders’ information, including names, email addresses, passwords, and in some cases encrypted or unencrypted security questions and answers.

The company had initially offered to pay out $50 million (£39 million) in October 2018, as well as offer free credit monitoring, but the proposals were rejected and negotiations over an acceptable figure were resumed.

The class action lawsuit also covers a 2012 security breach, a 2014 hack that affected more than 500 million accounts, as well as a breach that spanned between 2015 and 2016, in which hackers compromised 32 million email accounts.

Featured Resources

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

6 ways your business could suffer if you don’t backup Office 365

Office 365 makes it easy to lose valuable data regularly, unpredictably, unintentionally, and for good

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now

8 digital best practices for IT professionals

Don't leave anything to chance when going digital

Download now

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

10 Feb 2020
Visit/software/linux/354831/microsoft-to-add-defender-antivirus-software-to-linux-ios-and-android
Linux

Microsoft to add Defender antivirus software to Linux, iOS and Android

21 Feb 2020