Tech giant Yahoo has struck a revised deal in a high-stakes court case in the aftermath of a data breach that hit just under 900 million accounts, settling for USD $117.5-million.
Yahoo, which now falls under the Verizon Communications Inc. umbrella stands accused of acting improperly and slowly in their disclosure of three separate data breaches, which all up impacted up to 3-billion accounts from 2013 to 2016; the largest in recorded history.
John Yanchunis, the lawyer working on behalf of the plaintiffs said in a court filing that the $117.5 million represented the “biggest common fund ever obtained in a data breach case.” The settlement includes $55 million for the victims, up to $30 million for legal fees, $24 million for two years of credit monitoring and $8.5 million for other expenses.
The class-action suit covers as many as 194 million people in the United States and Israel, whose personal details stored in the Yahoo network were compromised- roughly 896 million accounts.
During that breach, email addresses and other personal information were hijacked by an unauthorised third-party. U.S. prosecutors charged two hackers, alongside two reportedly Russian intelligence agents for one of the breaches in 2017; one hacker has since pleaded guilty.
In the aftermath, Yahoo’s parent company Verizon has increased its expenditure in information security to $306 million; five times what Yahoo was spending between the 2013-2016 period when its systems were compromised. They have also made a pledge to quadruple the number of staff working in information security.
Verizon has issued a statement outlining that “the settlement demonstrates our strong commitment to security.”
Reuters is reporting that an earlier attempt to settle was rejected by U.S. District Judge Lucy Koh, who said the deal was not “fundamentally fair, adequate and reasonable.” Her criticisms included the fact “it had no overall dollar value and did not say how much victims might expect to recover. She also said the legal fees appeared to be too high,” according to Jonathan Stempel.
When Yahoo was initially sold to Verizon for $4.83-billion in July of 2016, it did not disclose the details of the data breaches. Once it did, Yahoo’s price was instantly cut to $4.48-billion; a clear indication of the loss in value a business can sustain in the aftermath of a data breach going public.