Yahoo’s $117 million data breach settlement rubber-stamped

Eligible users can claim up to an estimated $100 following the compromise of data in several major breaches

Authorities have finalised a compensation package with Yahoo several years after its users were affected by a host of massive historic data breaches between 2012 and 2016.

A proposed package of $117.5 million (£89.9 million) is close to being finalised, subject to final approval by US judges, with those eligible able to claim as much as $358.80 (£276.56). Although approximately three billion users across the world were affected by the breach, compensation will only be available to 194 million US and Israeli users.

Advertisement - Article continues below

To claim compensation users must complete a claims form by 20 July, and supply several details including the Yahoo address that was used when the breach occurred. The victims have been divided into account holders, paid users, small business users and Israeli users.

The money available translates to roughly 60 cents (46p) per user should each individual successfully claim compensation through the scheme, although given the barriers to claim the money, Yahoo is estimating that individuals are likely to receive up to $100 (£77).

Related Resource

Strengthen your defences against cybercrime

Cyber resilience planning for email

Download now

To successfully claim from the multi-million-dollar pot, users must demonstrate they have a minimum of two years of credit monitoring. Moreover, the up-to-$100 cash payments can be paid to users who have had at least 12 months of credit monitoring. 

Advertisement
Advertisement - Article continues below

There’s additional compensation available for things such as having spent time dealing with the fallout of the data breaches, and out-of-pocket costs that users had to pay as a result of having their information stolen. Small business customers and premium users may also claim reimbursement for some of Yahoo’s paid-for services.

Advertisement - Article continues below

Action was taken in 2018 to seek to “redress Yahoo’s unlawful and negligent disclosure” of millions of Yahoo account holders’ information, including names, email addresses, passwords, and in some cases encrypted or unencrypted security questions and answers.

The company had initially offered to pay out $50 million (£39 million) in October 2018, as well as offer free credit monitoring, but the proposals were rejected and negotiations over an acceptable figure were resumed.

The class action lawsuit also covers a 2012 security breach, a 2014 hack that affected more than 500 million accounts, as well as a breach that spanned between 2015 and 2016, in which hackers compromised 32 million email accounts.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Most Popular

Visit/operating-systems/ios/355935/apple-confirms-serious-bugs-in-ios-135
iOS

Apple confirms serious bugs in iOS 13.5

4 Jun 2020
Visit/security/ransomware/355945/new-ransomware-uses-java-to-target-software-organisations
ransomware

Tycoon ransomware discovered using Java image files to target software firms

5 Jun 2020
Visit/hardware/355904/picking-the-perfect-multifunction-printer
Hardware

Picking the perfect multifunction printer

4 Jun 2020