Yahoo reaches $117.5M settlement for data breaches affecting 3 billion accounts

Yahoo has reportedly reached a $117.5 million settlement with the victims of multiple data breaches earlier this decade, which ultimately impacted some 3 billion accounts.

The settlement must still be approved by U.S. District Judge Lucy Koh, based in San Jose, Reuters said. On Jan. 28 she rejected an earlier proposed settlement as it didn't identify how much it was actually worth, or what victims might stand to recoup.

Between 2013 and 2016 Yahoo suffered three data breaches exposing personal data, including email addresses. Despite the number of impacted accounts the company didn't begin disclosing the situation until late 2016.

By the time Verizon agreed to buy Yahoo in early 2017, the telecoms giant had managed to negotiate the takeover price down to $4.48 billion — a $350 million discount, owing directly to the earlier hacks. It did however agree to split liabilities linked to lawsuits and government investigations.

Since 2016 there have been multiple major security breaches at other companies such as Facebook and Equifax. While lax security measures have sometimes been to blame, there have also been concerted attacks by criminals, as well as Chinese and Russian spy agencies.

13 Comments

macgui 2445 comments · 17 Years

About 5 years ago

I can't wait to get my fair share of the settlement. Let's see... Siri, what 117.5Million divided by 3Billion? $00.0392? That new Apple 31" monitor is so mine!

widmark 38 comments · 12 Years

Justice served.. now the industry will be careful with sensitive personal data and CEOs won’t have incentive to hide breaches over long periods like Marissa Mayer did. 4 cents per account, before attorneys fees. That’ll teach em.

We all need to step up our push for lawmakers to fix this.

maury markowitz 369 comments · 17 Years

Now we all know how much the government thinks your privacy is worth. Four cents.

xiao-zhi 113 comments · 13 Years

The last paragraph is misleading. Neither Russian or Chinese APTs have been implicated in any of the data breaches mentioned. Some Russian and Eastern European criminal gangs were implicated in the Yahoo data breaches, but these are criminal economic frauds, not espionage.
These discrepancies are sloppy reporting and seem to be either click bait or deflection of responsibility from the hacked companies for very shady and lax data security.
You should edit the story to remove these misleading statements or clarify the cases and relevance to the main subject.
I’m not saying Russian and Chinese government entities don’t hack (all major governments do including the USA) but that it wasn’t a factor in the Yahoo, Facebook or Equifax cases and is irrelevant to this story.

tzeshan 2350 comments · 14 Years