Yahoo reaches $117.5M settlement for data breaches affecting 3 billion accounts
Roger Fingas
Yahoo has reportedly reached a $117.5 million settlement with the victims of multiple data breaches earlier this decade, which ultimately impacted some 3 billion accounts.
The settlement must still be approved by U.S. District Judge Lucy Koh, based in San Jose, Reuters said. On Jan. 28 she rejected an earlier proposed settlement as it didn't identify how much it was actually worth, or what victims might stand to recoup.
Between 2013 and 2016 Yahoo suffered three data breaches exposing personal data, including email addresses. Despite the number of impacted accounts the company didn't begin disclosing the situation until late 2016.
By the time Verizon agreed to buy Yahoo in early 2017, the telecoms giant had managed to negotiate the takeover price down to $4.48 billion — a $350 million discount, owing directly to the earlier hacks. It did however agree to split liabilities linked to lawsuits and government investigations.
Malcolm Owen
Amber Neely
Marko Zivkovic
David Schloss
Wesley Hilliard
Mike Wuerthele and Malcolm Owen
13 Comments
I can't wait to get my fair share of the settlement. Let's see... Siri, what 117.5Million divided by 3Billion? $00.0392? That new Apple 31" monitor is so mine!
Justice served.. now the industry will be careful with sensitive personal data and CEOs won’t have incentive to hide breaches over long periods like Marissa Mayer did. 4 cents per account, before attorneys fees. That’ll teach em.
We all need to step up our push for lawmakers to fix this.
Now we all know how much the government thinks your privacy is worth. Four cents.
The last paragraph is misleading. Neither Russian or Chinese APTs have been implicated in any of the data breaches mentioned. Some Russian and Eastern European criminal gangs were implicated in the Yahoo data breaches, but these are criminal economic frauds, not espionage.
These discrepancies are sloppy reporting and seem to be either click bait or deflection of responsibility from the hacked companies for very shady and lax data security.
You should edit the story to remove these misleading statements or clarify the cases and relevance to the main subject.
I’m not saying Russian and Chinese government entities don’t hack (all major governments do including the USA) but that it wasn’t a factor in the Yahoo, Facebook or Equifax cases and is irrelevant to this story.
3 billion accounts? This is half the world population.