Yahoo’s $117 million data breach settlement rubber-stamped

Eligible users can claim up to an estimated $100 following the compromise of data in several major breaches

Authorities have finalised a compensation package with Yahoo several years after its users were affected by a host of massive historic data breaches between 2012 and 2016.

A proposed package of $117.5 million (£89.9 million) is close to being finalised, subject to final approval by US judges, with those eligible able to claim as much as $358.80 (£276.56). Although approximately three billion users across the world were affected by the breach, compensation will only be available to 194 million US and Israeli users.

To claim compensation users must complete a claims form by 20 July, and supply several details including the Yahoo address that was used when the breach occurred. The victims have been divided into account holders, paid users, small business users and Israeli users.

The money available translates to roughly 60 cents (46p) per user should each individual successfully claim compensation through the scheme, although given the barriers to claim the money, Yahoo is estimating that individuals are likely to receive up to $100 (£77).

Related Resource

Strengthen your defences against cybercrime

Cyber resilience planning for email

Download now

To successfully claim from the multi-million-dollar pot, users must demonstrate they have a minimum of two years of credit monitoring. Moreover, the up-to-$100 cash payments can be paid to users who have had at least 12 months of credit monitoring. 

There’s additional compensation available for things such as having spent time dealing with the fallout of the data breaches, and out-of-pocket costs that users had to pay as a result of having their information stolen. Small business customers and premium users may also claim reimbursement for some of Yahoo’s paid-for services.

Action was taken in 2018 to seek to “redress Yahoo’s unlawful and negligent disclosure” of millions of Yahoo account holders’ information, including names, email addresses, passwords, and in some cases encrypted or unencrypted security questions and answers.

The company had initially offered to pay out $50 million (£39 million) in October 2018, as well as offer free credit monitoring, but the proposals were rejected and negotiations over an acceptable figure were resumed.

The class action lawsuit also covers a 2012 security breach, a 2014 hack that affected more than 500 million accounts, as well as a breach that spanned between 2015 and 2016, in which hackers compromised 32 million email accounts.

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
UK exploring plans to launch its own digital currency
digital currency

UK exploring plans to launch its own digital currency

19 Apr 2021