The Daily Swig Web security digest

Yahoo offers $80m payout following 2013 data breach

Jessica Haworth | 12 March 2018 at 16:24

The company agrees to pay shareholders $80 million after it failed to disclose the incident in 2013.

Yahoo has offered to pay $80 million to settle a class action lawsuit after a data leak exposed three billion customers’ details.

The suit was filed in January by several shareholders after they claimed Yahoo broke the law by failing to disclose the incident.

They claim that the company intentionally misled them about their cybersecurity practices and that this caused stock prices to drop.

Yahoo, which is owned by Oath, replied by offering $80 million – or 27 cents per victim – in damages.

But it isn’t yet clear if the case is over, as one plaintiff has yet to agree to the settlement, according to Bloomberg Law.

The settlement represents all shareholders who bought or acquired stock on the open market between April 30, 2013, and December 14, 2016.

This class action suit would be the first of its kind if successful, claims Infosecurity Magazine.

But law firm Brownlee remarked that it won’t necessarily spark more class action suits from future victims of a data leak.

A spokesperson said: “We do not anticipate this will open the flood gates of security actions following announcements of data breaches, but it shows a security action could be successful in the wrong circumstances.”

The data breach happened back in August 2013. In December 2016, Yahoo disclosed the breach, along with an estimation that one billion of its three billion user accounts were affected.

It later confirmed that all users had their data compromised.

Yahoo added that it didn’t believe any credit card details or bank account information were stolen.