Several months after Yahoo warned users of a third data breach that occurred between 2015 and 2016, U.S. District Judge Lucy Koh in San Jose, California has said that breach victims now have the right to sue the company, allowing them to pursue breach of contract and unfair competition claims (via Reuters). Previously, Yahoo argued that these individuals lacked grounds to sue the company, but Koh has now rejected that claim.

yahoo
This leaves "well over 1 billion users" open to sue the company, all of whom were affected by one of three total data breaches that began to gain notoriety in September 2016, when the company disclosed that "at least" 500 million Yahoo accounts were compromised in a late 2014 cyber attack. A second attack was disclosed in December 2016, regarding a user information leak that happened in August 2013, and then the third and presumably last warning about a previous attack came in February 2017.

This outlined a period of data breaches that began in 2013 and lasted until 2016, with Yahoo waiting more than three years to reveal information about any of the attacks. Breached info related to names, email addresses, telephone numbers, birth dates, hashed passwords, and both encrypted and unencrypted security questions and answers.

Because each affected user now faces the risk of identity theft, Koh ruled in a 93-page decision that plaintiffs can now amend previously dismissed complaints to gain new legal ground against Yahoo.

“All plaintiffs have alleged a risk of future identity theft, in addition to loss of value of their personal identification information,” the judge wrote. Koh said some plaintiffs also alleged they had spent money to thwart future identity theft or that fraudsters had misused their data. Others, meanwhile, could have changed passwords or canceled their accounts to stem losses had Yahoo not delayed disclosing the breaches, the judge said.

“We believe it to be a significant victory for consumers, and will address the deficiencies the court pointed out,” John Yanchunis, a lawyer for the plaintiffs who chairs an executive committee overseeing the case, said in an interview. “It’s the biggest data breach in the history of the world.”

Yahoo's disclosure of the security breaches came in the midst of its acquisition by Verizon, and ended up affecting the carrier's offer. After an initial offer of $4.83 billion, Verizon ended up purchasing Yahoo's core business assets for $4.48 billion in order to limit potential liability. The deal closed this past summer and at the same time, Verizon announced plans to lay off about 2,100 Yahoo employees.

Tag: Yahoo

Top Rated Comments

MacNut Avatar
97 months ago
Verizon still went through with the deal to buy Yahoo. Are their coffers now in play in a huge class action suit?
Score: 2 Votes (Like | Disagree)
Hodar1 Avatar
97 months ago
Spanking Yahoo, is a good first start; but how about raising the penalty for Identify Theft beyond that of a mild scolding? How about making Identity Theft a severe Felony, meaning hard jail time, so that it's actually discouraged? Seems that those that are caught, go right back out and do it again, and again, and again.
Score: 2 Votes (Like | Disagree)
macs4nw Avatar
97 months ago
Database administrators take note: Take extraordinary precautions to protect all the personal info entrusted to you, or you shall be held accountable in a court of law for any breaches of confidential customer data.
Score: 1 Votes (Like | Disagree)
SteveW928 Avatar
97 months ago
Oh, I hand't heard the Verizon deal went through. Verizon likely has deeper pockets... maybe a class-action $10B lawsuit or something would be good for an industry lesson. I can't believe Verizon was stupid enough to buy that mess.
Score: 1 Votes (Like | Disagree)
SteveW928 Avatar
96 months ago
The thing is, this is most people in the world, so it's the other way around: If they can't make security usable by the average user, they shouldn't be making tech in the first place. Also, even for experts, it's a waste of time to have to research how to use front-end services.
I sort of agree from a UX standpoint, though I'm not sure what the alternative is, and it can only be made so simple, at some point. (Maybe an education campaign on password managers, and strong recommendation of a few good ones... that's what I've been trying to do. Plus, there are other benefits, as I keep other useful info in that that it's handy to have with me.)

But, a lot of these insecure systems are designed as such as lazy ways to 'optimize' the workload for the companies. Getting your account unlocked, if you've lost your password, etc. should take a bit of work to resolve, not a simple 'security question.'

Sickens me when I consult other companies data management and see that their databases are plain text, except for the password. Truly feel sick to my stomach.
And, then there's Equifax who was even using 'admin' and 'admin' defaults on some of their systems. :eek:
Score: 1 Votes (Like | Disagree)
Mascots Avatar
97 months ago
Database administrators take note: Take extraordinary precautions to protect all the personal info entrusted to you, or you shall be held accountable in a court of law for any breaches of confidential customer data.
Well, I'd put more focus on the fact that it happened multiple times and they failed to reveal any information because they knew it would kill them.
Score: 1 Votes (Like | Disagree)

Popular Stories

App Store vs EU Feature 2

Apple Says It Doesn't Approve of EU Porn App

Monday February 3, 2025 1:15 pm PST by
Apple does not approve of the "Hot Tub" pornography app that was released for the iPhone in the EU using alternative app distribution, Apple said in a statement to MacRumors. Further, Apple is concerned about the potential user safety risks with a pornography app, and says that it undermines consumer trust in the Apple ecosystem. We are deeply concerned about the safety risks that hardcore...
General Apple Invites Feature

Apple Launches New 'Invites' App

Tuesday February 4, 2025 8:00 am PST by
Apple today announced the launch of a new app called "Invites," which is designed to allow users to plan events like birthday parties, graduations, vacations, baby showers, and more. "With Apple Invites, an event comes to life from the moment the invitation is created, and users can share lasting memories even after they get together," said Brent Chiu-Watson, Apple's senior director of...
iOS 18

iOS 18.4 Will Include These New Features for Your iPhone

Wednesday February 5, 2025 7:15 am PST by
iOS 18.3 was released last month, so the first iOS 18.4 beta should be coming soon. iOS 18.4 is expected to be a more substantial update for the iPhone, with several new features and changes related to Apple Intelligence and beyond. Apple's website suggests that iOS 18.4 will be released in April, following beta testing. Below, we outline what to expect from the update so far. Apple...
maxresdefault

An Apple TV Refresh is Coming in 2025 - Here's What You Should Know

Wednesday February 5, 2025 10:17 am PST by
Apple hasn't refreshed the Apple TV since 2022, but rumors suggest that we're finally going to get an update in 2025. We don't have a full picture of what to expect yet, but we have some hints on what's coming. Subscribe to the MacRumors YouTube channel for more videos. Updated A-Series Chip The current Apple TV 4K uses the A15 Bionic chip that was in the iPhone 13 lineup, and it's time for...
applecare apple care banner

Apple Raises Monthly AppleCare+ Subscription Price for All iPhones

Tuesday February 4, 2025 9:35 am PST by
Apple this week increased the prices for its monthly AppleCare+ subscription prices for the iPhone, raising the cost by 50 cents for all models in the United States. Standard AppleCare+ for the iPhone 16 models is now priced at $10.49 per month, for example, up from the prior $9.99 per month price. The 50 cent price increase applies to all available AppleCare+ plans for Apple's current...
iCloud General Feature Redux

'Apple Invites' Leaked on iCloud Website

Tuesday February 4, 2025 7:11 am PST by
Update: The new Apple Invites app has officially been announced. The main iCloud.com page has seemingly confirmed Apple's rumored invites tool, which has yet to be officially announced by the company. The page says "Apple Invites" will be an iCloud+ feature:Upgrade to iCloud+ to get more storage, plan events with Apple Invites, and have peace of mind with privacy features like iCloud...
apple power beats pro 2

Apple Expected to Announce Powerbeats Pro 2 on February 11 With These New Features

Sunday February 2, 2025 6:15 am PST by
Apple previously teased that Powerbeats Pro 2 would be released in 2025, and now an announcement date has leaked. Bloomberg's Mark Gurman today said Apple plans to unveil the wireless earbuds on Tuesday, February 11. Powerbeats Pro 2 will be priced at $250 in the U.S., he said. Powerbeats Pro are a sportier, fitness-focused alternative to AirPods Pro with built-in, adjustable ear hooks...
hot tub app eu

EU's AltStore Gets First Native iOS Pornography App

Monday February 3, 2025 11:13 am PST by
In the European Union, the Digital Markets Act allows developers to distribute iOS apps through alternate app stores. While Apple checks those apps for malware and other malicious content, there are few restrictions on subject matter, unlike Apple's own App Store. As a result, EU users can now download the first dedicated native pornography app created for the iPhone. Called Hot Tub, the app ...