Judge Rules That Yahoo Data Breach Victims Have Right to Sue Company

by

Several months after Yahoo warned users of a third data breach that occurred between 2015 and 2016, U.S. District Judge Lucy Koh in San Jose, California has said that breach victims now have the right to sue the company, allowing them to pursue breach of contract and unfair competition claims (via Reuters). Previously, Yahoo argued that these individuals lacked grounds to sue the company, but Koh has now rejected that claim.


This leaves "well over 1 billion users" open to sue the company, all of whom were affected by one of three total data breaches that began to gain notoriety in September 2016, when the company disclosed that "at least" 500 million Yahoo accounts were compromised in a late 2014 cyber attack. A second attack was disclosed in December 2016, regarding a user information leak that happened in August 2013, and then the third and presumably last warning about a previous attack came in February 2017.

This outlined a period of data breaches that began in 2013 and lasted until 2016, with Yahoo waiting more than three years to reveal information about any of the attacks. Breached info related to names, email addresses, telephone numbers, birth dates, hashed passwords, and both encrypted and unencrypted security questions and answers.

Because each affected user now faces the risk of identity theft, Koh ruled in a 93-page decision that plaintiffs can now amend previously dismissed complaints to gain new legal ground against Yahoo.

“All plaintiffs have alleged a risk of future identity theft, in addition to loss of value of their personal identification information,” the judge wrote. Koh said some plaintiffs also alleged they had spent money to thwart future identity theft or that fraudsters had misused their data. Others, meanwhile, could have changed passwords or canceled their accounts to stem losses had Yahoo not delayed disclosing the breaches, the judge said.

“We believe it to be a significant victory for consumers, and will address the deficiencies the court pointed out,” John Yanchunis, a lawyer for the plaintiffs who chairs an executive committee overseeing the case, said in an interview. “It’s the biggest data breach in the history of the world.”

Yahoo's disclosure of the security breaches came in the midst of its acquisition by Verizon, and ended up affecting the carrier's offer. After an initial offer of $4.83 billion, Verizon ended up purchasing Yahoo's core business assets for $4.48 billion in order to limit potential liability. The deal closed this past summer and at the same time, Verizon announced plans to lay off about 2,100 Yahoo employees.

Tag: Yahoo

Top Rated Comments

(View all)
Avatar
36 months ago
Verizon still went through with the deal to buy Yahoo. Are their coffers now in play in a huge class action suit?
Score: 2 Votes (Like | Disagree)
Avatar
36 months ago
Spanking Yahoo, is a good first start; but how about raising the penalty for Identify Theft beyond that of a mild scolding? How about making Identity Theft a severe Felony, meaning hard jail time, so that it's actually discouraged? Seems that those that are caught, go right back out and do it again, and again, and again.
Score: 2 Votes (Like | Disagree)
Avatar
36 months ago
Database administrators take note: Take extraordinary precautions to protect all the personal info entrusted to you, or you shall be held accountable in a court of law for any breaches of confidential customer data.
Score: 1 Votes (Like | Disagree)
Avatar
36 months ago
Oh, I hand't heard the Verizon deal went through. Verizon likely has deeper pockets... maybe a class-action $10B lawsuit or something would be good for an industry lesson. I can't believe Verizon was stupid enough to buy that mess.
Score: 1 Votes (Like | Disagree)
Avatar
35 months ago

The thing is, this is most people in the world, so it's the other way around: If they can't make security usable by the average user, they shouldn't be making tech in the first place. Also, even for experts, it's a waste of time to have to research how to use front-end services.

I sort of agree from a UX standpoint, though I'm not sure what the alternative is, and it can only be made so simple, at some point. (Maybe an education campaign on password managers, and strong recommendation of a few good ones... that's what I've been trying to do. Plus, there are other benefits, as I keep other useful info in that that it's handy to have with me.)

But, a lot of these insecure systems are designed as such as lazy ways to 'optimize' the workload for the companies. Getting your account unlocked, if you've lost your password, etc. should take a bit of work to resolve, not a simple 'security question.'

Sickens me when I consult other companies data management and see that their databases are plain text, except for the password. Truly feel sick to my stomach.

And, then there's Equifax who was even using 'admin' and 'admin' defaults on some of their systems. :eek:
Score: 1 Votes (Like | Disagree)
Avatar
36 months ago

Database administrators take note: Take extraordinary precautions to protect all the personal info entrusted to you, or you shall be held accountable in a court of law for any breaches of confidential customer data.

Well, I'd put more focus on the fact that it happened multiple times and they failed to reveal any information because they knew it would kill them.
Score: 1 Votes (Like | Disagree)

Top Stories

Leaker: Apple to Stick With Lightning Over USB-C for 'iPhone 12' Before Going Port-Less Next Year

Tuesday May 26, 2020 2:31 am PDT by
Apple will use a Lightning port instead of USB-C in the upcoming "iPhone 12," but it will be the last major series of Apple's flagship phones to do so, with models set to combine wireless charging and a port-less Smart Connector system for data transfer and syncing in the iPhone "13 series" next year. The above claim comes from occasional Apple leaker and Twitter user "Fudge" (@choco_bit),...

Apple Releases macOS Catalina 10.15.5 With Battery Health Management Features, Fix for Finder Freezing

Tuesday May 26, 2020 1:59 pm PDT by
Apple today released macOS Catalina 10.15.5, the fifth update to the macOS Catalina operating system that was released in October 2019. macOS Catalina 10.15.5 comes two months after the launch of macOS Catalina 10.15.4, which introduced Screen Time Communication Limits. macOS Catalina 10.15.5 is a free update that can be downloaded from the Mac App Store using the Update feature in the...

Apple Reissuing Numerous iOS App Updates, Potentially Related to Recent 'This App is No Longer Shared' Bug

Sunday May 24, 2020 9:13 pm PDT by
Over the past few hours, a number of MacRumors readers have reported seeing dozens or even hundreds of pending app updates showing in the App Store on their iOS devices, including for many apps that were already recently updated by the users. In many cases, the dates listed on these new app updates extend back as far as ten days. Apple has not shared any information as to why updates for...

16-Inch MacBook Pro, iPad Pro, and iMac Pro With Mini-LED Displays Again Rumored to Launch in 2021

Tuesday May 26, 2020 5:30 am PDT by
Apple plans to release several higher-end devices with Mini-LED displays in 2021, including a new 12.9-inch iPad Pro in the first quarter, a new 16-inch MacBook Pro in the second quarter, and a new 27-inch iMac in the second half of the year, according to Jeff Pu, an analyst at Chinese research firm GF Securities. This timeframe lines up with one shared by analyst Ming-Chi Kuo, who recently...

Jailbreak Tool 'unc0ver' 5.0 Released With iOS 13.5 Compatibility

Sunday May 24, 2020 3:06 pm PDT by
The team behind the "unc0ver" jailbreaking tool for iOS has released version 5.0.0 of its software that claims to have the ability to jailbreak "every signed iOS version on every device" using a zero-day kernel vulnerability by Pwn20wnd, a renowned iOS hacker. The announcement comes just days after it was announced that the tool would soon launch. The unc0ver website highlights how the tool...

Future AirPods to Include 'Ambient Light Sensors' Possibly Related to Rumored Health Features

Monday May 25, 2020 2:53 am PDT by
Apple is reportedly looking to integrate light sensors in a new model of AirPods in the next couple of years, according to a new report today, suggesting their use could be part of rumored upcoming health monitoring features in the true wireless earbuds. In a paywalled article, DigiTimes reports that ASE Technology could be involved in manufacturing the sensors: Apple is expected to...

First App Using Apple and Google's Exposure Notification API Launches in Switzerland

Tuesday May 26, 2020 3:02 pm PDT by
The first app that takes advantage of the Exposure Notification API developed by Apple and Google has launched in Switzerland, according to a report from the BBC. A team of app developers working on contact tracing app called SwissCovid have rolled out the app in a beta capacity for members of the Swiss army, hospital workers, and civil servants. After the app is tested and approved by MPs,...

'This App is No Longer Shared' iOS Bug Preventing Some Apps From Opening

Friday May 22, 2020 3:58 pm PDT by
An app bug is causing some iOS users to be unable to open their apps, with affected iPhone and iPad users seeing the message "This app is no longer shared with you" when attempting to access an app. There are multiple complaints about the issue on the MacRumors forums and on Twitter from users who are running into problems. A MacRumors reader describes the issue:Is anyone else experiencing...

HBO Max Now Available on Apple TV and iOS Devices

Wednesday May 27, 2020 2:42 am PDT by
HBO Max launched today, and is now available on Apple TV, iPhone, and iPad. WarnerMedia's new streaming service, which replaces HBO Now, combines HBO content with shows and films from Warner Bros and Turner TV. The service is available as a native app on the ‌Apple TV‌ HD and ‌Apple TV‌ 4K, but second and third-generation ‌Apple TV‌ owners will need to AirPlay HBO Max content...

Apple's Pro Display XDR Wins 'Displays of the Year' Award

Tuesday May 26, 2020 7:45 am PDT by
The Society for Information Display today announced its selections for the 26th Annual Display Industry Awards, and Apple has once again taken one of the top spots, this time with its Pro Display XDR that debuted last year alongside the revamped Mac Pro. The Pro Display XDR was one of three display products named "Displays of the Year," alongside Samsung's foldable display and BOE's...