Yahoo reaches $117.5M settlement for data breaches affecting 3 billion accounts

article thumbnail

Yahoo has reportedly reached a $117.5 million settlement with the victims of multiple data breaches earlier this decade, which ultimately impacted some 3 billion accounts.

The settlement must still be approved by U.S. District Judge Lucy Koh, based in San Jose, Reuters said. On Jan. 28 she rejected an earlier proposed settlement as it didn't identify how much it was actually worth, or what victims might stand to recoup.

Between 2013 and 2016 Yahoo suffered three data breaches exposing personal data, including email addresses. Despite the number of impacted accounts the company didn't begin disclosing the situation until late 2016.

By the time Verizon agreed to buy Yahoo in early 2017, the telecoms giant had managed to negotiate the takeover price down to $4.48 billion — a $350 million discount, owing directly to the earlier hacks. It did however agree to split liabilities linked to lawsuits and government investigations.

Since 2016 there have been multiple major security breaches at other companies such as Facebook and Equifax. While lax security measures have sometimes been to blame, there have also been concerted attacks by criminals, as well as Chinese and Russian spy agencies.