IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Yahoo’s $117 million data breach settlement rubber-stamped

Eligible users can claim up to an estimated $100 following the compromise of data in several major breaches

Authorities have finalised a compensation package with Yahoo several years after its users were affected by a host of massive historic data breaches between 2012 and 2016.

A proposed package of $117.5 million (£89.9 million) is close to being finalised, subject to final approval by US judges, with those eligible able to claim as much as $358.80 (£276.56). Although approximately three billion users across the world were affected by the breach, compensation will only be available to 194 million US and Israeli users.

To claim compensation users must complete a claims form by 20 July, and supply several details including the Yahoo address that was used when the breach occurred. The victims have been divided into account holders, paid users, small business users and Israeli users.

The money available translates to roughly 60 cents (46p) per user should each individual successfully claim compensation through the scheme, although given the barriers to claim the money, Yahoo is estimating that individuals are likely to receive up to $100 (£77).

Related Resource

Strengthen your defences against cybercrime

Cyber resilience planning for email

Download now

To successfully claim from the multi-million-dollar pot, users must demonstrate they have a minimum of two years of credit monitoring. Moreover, the up-to-$100 cash payments can be paid to users who have had at least 12 months of credit monitoring. 

There’s additional compensation available for things such as having spent time dealing with the fallout of the data breaches, and out-of-pocket costs that users had to pay as a result of having their information stolen. Small business customers and premium users may also claim reimbursement for some of Yahoo’s paid-for services.

Action was taken in 2018 to seek to “redress Yahoo’s unlawful and negligent disclosure” of millions of Yahoo account holders’ information, including names, email addresses, passwords, and in some cases encrypted or unencrypted security questions and answers.

The company had initially offered to pay out $50 million (£39 million) in October 2018, as well as offer free credit monitoring, but the proposals were rejected and negotiations over an acceptable figure were resumed.

The class action lawsuit also covers a 2012 security breach, a 2014 hack that affected more than 500 million accounts, as well as a breach that spanned between 2015 and 2016, in which hackers compromised 32 million email accounts.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022