Skip to main content
  1. Home
  2. News

Yahoo agrees to pay $50M in damages for biggest-ever data breach

By

Yahoo has agreed to pay $50 million in damages for a huge security breach in 2013 that affected all three billion of its user accounts globally, the AP reported on Wednesday, October 24.

So long as it receives federal court approval next month, the settlement terms of the class action lawsuit will also provide two years of free credit-monitoring services to U.S.- and Israel-based victims of the hack, which is believed to be the biggest data breach ever to have taken place.

Recommended Videos

The stolen information included names, email addresses, phone numbers, dates of birth, hashed passwords, as well as security questions and answers.

Related

As if that wasn’t bad enough, Yahoo took three years to disclose details of the data theft, and even then, the true scope of the hack wasn’t properly revealed.

Complicating matters further, the revelation came after Verizon had agreed to buy the web company in a deal worth $4.8 billion. Issues connected with the security breach forced Yahoo to reduce that figure by $350 million.

The settlement, reached this week in a federal district court in San Jose, California, covers around a billion accounts held by an estimated 200 million people in the U.S. and Israel from 2012 through 2016.

Verizon has agreed to pay half of the settlement cost, while Altaba — a firm set up to take on the parts of Yahoo not acquired by Verizon — will pay the rest.

Payout for those affected

Should the court approve the deal, affected users can put in claims for some of the $50 million fund.

“The costs can include such things as identity theft, delayed tax refunds or other problems linked to having had personal information pilfered during the Yahoo break-ins,” the AP said in its report.

For example, Yahoo account holders with documented losses can claim for up to 15 hours of lost time, which at $25 an hour would come to $375. Those unable to document losses can put in claims of up to five hours, or $125, for time spent dealing with the fallout of the hack.

In addition, Yahoo account holders who forked out up to $50 a year for a premium email account will be able to claim a 25-percent refund.

Final approval of the proposed settlement will be considered during a session at the Northern District of California on November 29, 2018, and if it goes through, affected account holders will be notified soon after.

Editors’ Recommendations

Topics
Trevor Mogg
Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
This vaccine passport app data breach is a cautionary tale
Man frustrated at computer.

A security blunder by proof-of-vaccination app Portpass provides a reminder that third-party apps may not protect your privacy and security. According to CBC News, Portpass exposed potentially hundreds of thousands of users’ personal information on its unsecured website.

After receiving a tip that the user profiles on the app’s website were accessible by members of the public, CBC verified the claim. While on the website, CBC was able to see users’ personal information, email addresses, blood types, birthdays, phone numbers, and photo identification, including driver’s licenses and passports.

Read more
T-Mobile confirms hack, investigates whether customer data was stolen
A T-Mobile store.

T-Mobile has confirmed that its computer systems were accessed without permission and says it's now conducting an investigation to determine the full extent of the hack.

The announcement follows claims on Sunday, August 15, that a hacker was in possession of data belonging to 100 million T-Mobile customers and was trying to sell it via an underground forum.

Read more
T-Mobile investigating claims of massive hack involving customer data
T-Mobile storefront with corporate signage.

T-Mobile says it’s investigating claims of a major data breach that may affect as many as 100 million of its customers.

A message spotted on an underground forum on Sunday, August 15, came from someone claiming to be in possession of personal data belonging to 100 million people. The message made no mention of T-Mobile, but when the poster was contacted by news site Motherboard, it became apparent that the mobile company's customers were at the center of the alleged hack. The figure of 100 million would be remarkable as it's almost equal to T-Mobile's entire customer base.

Read more