Yahoo reaches $117.5M settlement for data breaches affecting 3 billion accounts
Yahoo has reportedly reached a $117.5 million settlement with the victims of multiple data breaches earlier this decade, which ultimately impacted some 3 billion accounts.

The settlement must still be approved by U.S. District Judge Lucy Koh, based in San Jose, Reuters said. On Jan. 28 she rejected an earlier proposed settlement as it didn't identify how much it was actually worth, or what victims might stand to recoup.
Between 2013 and 2016, Yahoo suffered three data breaches exposing personal data, including email addresses. Despite the number of impacted accounts, the company didn't begin disclosing the situation until late 2016.
By the time Verizon agreed to buy Yahoo in early 2017, the telecoms giant had managed to negotiate the takeover price down to $4.48 billion -- a $350 million discount, owing directly to the earlier hacks. It did, however, agree to split liabilities linked to lawsuits and government investigations.
Since 2016 there have been multiple major security breaches at other companies such as Facebook and Equifax. While lax security measures have sometimes been to blame, there have also been concerted attacks by criminals, as well as Chinese and Russian spy agencies.

Comments
We all need to step up our push for lawmakers to fix this.
These discrepancies are sloppy reporting and seem to be either clickbait or deflection of responsibility from the hacked companies for very shady and lax data security.
You should edit the story to remove these misleading statements or clarify the cases and relevance to the main subject.
I’m not saying Russian and Chinese government entities don’t hack (all major governments do including the USA) but that it wasn’t a factor in the Yahoo, Facebook or Equifax cases and is irrelevant to this story.
3 billion accounts? This is half the world population.
There is no justice there's just us.
That said, the proposal seems to anticipate that the vast majority of people who might be entitled to some form of relief under the settlement won't claim it.
The proposal is to make 4 different kinds of relief available: (1) reimbursement of costs incurred as a result of the breaches (e.g. for time spent dealing with issues they caused); (2) reimbursement of a portion of payments made (to Yahoo) for premium email services; (3) free credit monitoring for 2 years; and (4) alternative compensation of $100 (or possibly more) for those who already have credit monitoring.
Obviously, what's left of the $117.5 million settlement after attorneys' fees and expenses and administration costs - which would be, perhaps, $80 million - won't go very far if a large portion of the class seeks the kind of relief referred to in (1) and (4). That would require a proration of the relief which those who are entitled to such relief would receive.
But I'd guess that most of the class would only be entitled to the relief referred to in (3) - free credit monitoring for 2 years. For that, a credit monitoring service - AllClear ID - seems to be willing to shoulder the risk that a large number of people from the class will claim the relief they would be entitled to. It has, apparently, agreed to provide credit monitoring services to them for a set cost of $24 million regardless of how many people sign up for it. At a claimed retail value of $14.95 / month, $24 million wouldn't cover many people. Even with only 10 million people signing up, AllClear ID would only be getting about 10 cents per month per person.
That makes me wonder: (1) how good is the credit monitoring which class members are being offered and (2) whether, from AllClear ID's perspective, this is just a marketing tactic. Are they offering this service at what will be a loss, hoping that a meaningful portion of those who take advantage of the 2 free years will continue with the service (and start paying for it) after the 2 years is up?