Several months after Yahoo warned users of a third data breach that occurred between 2015 and 2016, U.S. District Judge Lucy Koh in San Jose, California has said that breach victims now have the right to sue the company, allowing them to pursue breach of contract and unfair competition claims (via Reuters). Previously, Yahoo argued that these individuals lacked grounds to sue the company, but Koh has now rejected that claim.

yahoo
This leaves "well over 1 billion users" open to sue the company, all of whom were affected by one of three total data breaches that began to gain notoriety in September 2016, when the company disclosed that "at least" 500 million Yahoo accounts were compromised in a late 2014 cyber attack. A second attack was disclosed in December 2016, regarding a user information leak that happened in August 2013, and then the third and presumably last warning about a previous attack came in February 2017.

This outlined a period of data breaches that began in 2013 and lasted until 2016, with Yahoo waiting more than three years to reveal information about any of the attacks. Breached info related to names, email addresses, telephone numbers, birth dates, hashed passwords, and both encrypted and unencrypted security questions and answers.

Because each affected user now faces the risk of identity theft, Koh ruled in a 93-page decision that plaintiffs can now amend previously dismissed complaints to gain new legal ground against Yahoo.

“All plaintiffs have alleged a risk of future identity theft, in addition to loss of value of their personal identification information,” the judge wrote. Koh said some plaintiffs also alleged they had spent money to thwart future identity theft or that fraudsters had misused their data. Others, meanwhile, could have changed passwords or canceled their accounts to stem losses had Yahoo not delayed disclosing the breaches, the judge said.

“We believe it to be a significant victory for consumers, and will address the deficiencies the court pointed out,” John Yanchunis, a lawyer for the plaintiffs who chairs an executive committee overseeing the case, said in an interview. “It’s the biggest data breach in the history of the world.”

Yahoo's disclosure of the security breaches came in the midst of its acquisition by Verizon, and ended up affecting the carrier's offer. After an initial offer of $4.83 billion, Verizon ended up purchasing Yahoo's core business assets for $4.48 billion in order to limit potential liability. The deal closed this past summer and at the same time, Verizon announced plans to lay off about 2,100 Yahoo employees.

Tag: Yahoo

Top Rated Comments

MacNut Avatar
85 months ago
Verizon still went through with the deal to buy Yahoo. Are their coffers now in play in a huge class action suit?
Score: 2 Votes (Like | Disagree)
Hodar1 Avatar
85 months ago
Spanking Yahoo, is a good first start; but how about raising the penalty for Identify Theft beyond that of a mild scolding? How about making Identity Theft a severe Felony, meaning hard jail time, so that it's actually discouraged? Seems that those that are caught, go right back out and do it again, and again, and again.
Score: 2 Votes (Like | Disagree)
macs4nw Avatar
85 months ago
Database administrators take note: Take extraordinary precautions to protect all the personal info entrusted to you, or you shall be held accountable in a court of law for any breaches of confidential customer data.
Score: 1 Votes (Like | Disagree)
SteveW928 Avatar
85 months ago
Oh, I hand't heard the Verizon deal went through. Verizon likely has deeper pockets... maybe a class-action $10B lawsuit or something would be good for an industry lesson. I can't believe Verizon was stupid enough to buy that mess.
Score: 1 Votes (Like | Disagree)
SteveW928 Avatar
84 months ago
The thing is, this is most people in the world, so it's the other way around: If they can't make security usable by the average user, they shouldn't be making tech in the first place. Also, even for experts, it's a waste of time to have to research how to use front-end services.
I sort of agree from a UX standpoint, though I'm not sure what the alternative is, and it can only be made so simple, at some point. (Maybe an education campaign on password managers, and strong recommendation of a few good ones... that's what I've been trying to do. Plus, there are other benefits, as I keep other useful info in that that it's handy to have with me.)

But, a lot of these insecure systems are designed as such as lazy ways to 'optimize' the workload for the companies. Getting your account unlocked, if you've lost your password, etc. should take a bit of work to resolve, not a simple 'security question.'

Sickens me when I consult other companies data management and see that their databases are plain text, except for the password. Truly feel sick to my stomach.
And, then there's Equifax who was even using 'admin' and 'admin' defaults on some of their systems. :eek:
Score: 1 Votes (Like | Disagree)
Mascots Avatar
85 months ago
Database administrators take note: Take extraordinary precautions to protect all the personal info entrusted to you, or you shall be held accountable in a court of law for any breaches of confidential customer data.
Well, I'd put more focus on the fact that it happened multiple times and they failed to reveal any information because they knew it would kill them.
Score: 1 Votes (Like | Disagree)

Popular Stories

General Apps Messages

Apple Announces 'Groundbreaking' New Security Protocol for iMessage

Wednesday February 21, 2024 6:00 am PST by
Apple today announced a new post-quantum cryptographic protocol for iMessage called PQ3. Apple says this "groundbreaking" and "state-of-the-art" protocol provides "extensive defenses against even highly sophisticated quantum attacks." Apple believes the PQ3 protocol's protections "surpass those in all other widely deployed messaging apps," according to its blog post:Today we are announcing...
iOS 17

iOS 17.4 Will Add These New Features to Your iPhone

Monday February 19, 2024 6:52 am PST by
Apple last month confirmed that iOS 17.4 will be released in March, and the update includes several new features and changes for the iPhone. Key new features in iOS 17.4 include major App Store changes in the EU and Apple Podcasts transcripts. The update also adds new emoji and includes preparations for the launch of next-generation CarPlay later this year. More details about the new...
Beyond iPhone 13 Better Blue Face ID Single Camera Hole

Six Reasons to Wait for Next Year's iPhone 17

Thursday February 22, 2024 4:20 am PST by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models concurrently, which is why we sometimes get rumored feature leaks so far ahead of launch. The iPhone 17 series is no different, and already we have some idea of what to expect from Apple's 2025 smartphone lineup. If you plan to skip...
samsung galaxy ring

'Apple Ring' Allegedly in Development to Rival Samsung Galaxy Ring

Tuesday February 20, 2024 2:27 am PST by
Apple is speeding up development of a smart ring that can be worn on the finger to track users' health biometrics, claims a new report coming out of Korea. Teaser image of Samsung Galaxy Ring shown at Galaxy Unpacked in January Apple has toyed with the idea of a ring wearable for several years, as indicated by several patents, but with Samsung preparing to bring its own product to market, the ...
volvo s60 drivers apple maps

iOS 17.4 Beta Adds CarPlay Option to Show Upcoming Maneuvers in Instrument Cluster

Tuesday February 20, 2024 10:47 am PST by
The fourth beta of iOS 17.4 that Apple released today adds a new CarPlay feature, according to the notes that Apple provided to developers. In supported CarPlay vehicles, there's now an Apple Maps option to show information about upcoming maneuvers in the instrument cluster. CarPlay users will be able to swap the display type between the main and instrument cluster by tapping on the map...
Oled iPads and MackBook Pro Notch

Apple's OLED Roadmap: New iPad Mini, Foldable iPad Pro, and More

Wednesday February 21, 2024 5:29 am PST by
Apple is planning to launch at least nine new devices with OLED displays across the iPad and MacBook product lines, according to an updated forecast from research firm Omdia that sets out the company's plans in detail. As widely rumored, Apple's push to transition to OLED will apparently be jump-started by the release of new 11- and 13-inch iPad Pro models this year. The displays will...
iPad Pro OLED Feature 2

Apple's Upcoming OLED iPad Pro Models Rumored to Be Much Thinner

Tuesday February 20, 2024 1:39 pm PST by
Apple is planning to update the iPad Air and iPad Pro lineups as soon as March, and the new iPad Pro models will be significantly thinner according to dimensions shared by 9to5Mac. Citing sources with knowledge of Apple's plans, the site claims that the larger version will be more than 1mm thinner. The current 12.9-inch iPad Pro measures in at 6.4mm thick, but the new model is said to be 5mm ...
m3 macbook pro 14 16

Apple Now Selling Refurbished M3 Pro and M3 Max MacBook Pro Models

Monday February 19, 2024 5:04 pm PST by
Apple today began offering refurbished versions of the 14-inch and 16-inch MacBook Pro models with M3 Pro and M3 Max chip options, offering the machines at a discount for the first time since their October 2023 release. The release of M3 Pro and M3 Max models on Apple's refurbished store comes almost two weeks after the entry-level 14-inch M3 MacBook Pro first appeared on the store....