Yahoo is today reported to be offering $177.5 million to settle a lawsuit over its 2013 data breach, which compromised 3 billion user records, the biggest data breach in the history of mankind.
The new settlement proposal of $117.5M, filed Tuesday in the U.S. District Court in San Jose, follows the company’s first settlement proposal of $50 million, which was rejected by the court. For the same incident, Yahoo has already paid $35 million to the Securities and Exchange Commission (SEC) to settle a different lawsuit, in which the SEC claimed that Yahoo intentionally kept investors uninformed about the data breach, which amounts to misleading investors.
In 2017, Yahoo was slapped with a class action lawsuit for not disclosing the data breach within a reasonable timeframe. Yahoo, now a subsidiary of Verizon Communications, made a first settlement proposal of $50M plus two years of free credit monitoring for up to 200 million people in the US and Israel. However, the proposal was turned down by U.S. District Court Judge Lucy Koh, who said that it didn’t specify how much money victims could expect to recover and didn’t cover attorneys’ fees.
The new settlement proposal aims to address those concerns by having the company pay for two years of free credit monitoring and “alternative compensation” for impacted victims, as well as expenses related to identity theft, paid user costs, lost time, small business user costs, legal expenses and more. The court has yet to make a decision on the new settlement offer.
The breach itself took place back in August 2013, but Yahoo only revealed it at the end of 2016. It is considered the biggest ever in terms of the number of impacted users. Over 3 billion user records were stolen, including names, email addresses, hashed passwords and more. Surprisingly, Yahoo only learned about the incident from a dark web seller offering a list of more than one billion Yahoo! accounts for about $300,000.
In late 2014, the company faced a second data breach that compromised 500 million accounts. In yet another data breach in 2016, Yahoo confirmed that “an unauthorized third party accessed the company’s proprietary code to learn how to forge cookies.”
The massive financial loss Yahoo has taken because of the data breach is not an isolated case. Different independent surveys have projected an average loss of over $10 million for medium to large enterprises as a direct impact of data breach incidents. Last month, Norwegian giant Norsk Hydro lost over $40 million in direct losses because of a security breach impacting its worldwide operations.