Yahoo’s proposed settlement of US$117.5 million for the data breach in 2013-2016 has been revealed in court filings. This is a revised number from an earlier settlement submitted in January, which was rejected by a district judge in California for not being “fair, reasonable, and adequate.”
The customer data security breach litigation accuses Yahoo of holding back knowledge of three data breaches that affected some three billion accounts. The company previously told various media outlets that names, email addresses and passwords were compromised, but not financial information.
A lawyer for the plaintiffs said that the US$117.5 million is the “biggest common fund ever obtained in a data breach case.” The settlement will pay for costs such as victims’ out-of-pocket expenses, years of credit monitoring, and legal fees. It covers 194 million people in the United States and Israel with some 896 million accounts.
Yahoo is part of Verizon Media, previously known as Oath, after a US$4.48 billion acquisition by parent company Verizon Communications in 2016. The original agreed amount of US$4.83 billion was slashed after the data breach. According to Reuters, Verizon agreed to spend US$306 million between 2019 and 2022 on information security, five times what Yahoo spent from 2013 to 2016. It also pledged to quadruple Yahoo’s staffing in that area.
“The settlement demonstrates our strong commitment to security,” Verizon said in a statement to the news outlet.
Oath launches first global brand campaign after Yahoo! Acquisition
Oath-owned Yahoo unveils plans to pioneer digital creativity in latest summit
Yahoo still scanning emails to sell data to advertisers