Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Yahoo Agrees $80m Securities Class Action Settlement

Yahoo has agreed to pay $80m to settle a class action suit filed by investors relating to data breaches affecting three billion customers.

Several shareholders filed the suit in January 2017, alleging the internet giant broke federal securities law fraud by failing to promptly disclose the breaches which caused a subsequent stock price dive.

It’s still not clear whether the agreed settlement will be the end of the case, as one of the named plaintiffs in the lawsuit didn’t agree to it, according to Bloomberg Law.

However, if approved by the court, the settlement will be the first of its kind, although experts are divided over whether it will spark more federal securities lawsuits following major breaches.

“This will certainly create a strong precedent to claim damages from breached companies. Class action will, however, unlikely provide large compensation to the victims compared to individual litigation that, on the other side, may be unaffordably expensive and long for individuals,” argued High-Tech Bridge CEO Ilia Kolochenko.

"This is likely not the last loss of Yahoo related to the breach: reputational damage is ongoing, and new lawsuits may be filed in other jurisdictions or by victims who opted out from the class action."

Six similar class action suits against other companies, alleging breaches or vulnerabilities that resulted in falling stock prices, are apparently ongoing.

“We do not anticipate this will open the flood gates of security actions following announcements of data breaches, but it shows a security action could be successful in the wrong circumstances,” claimed law firm Brownlee LLP.

Yahoo finally revealed the full extent of the 2013 security incident which led to the breach of three million customer records, in October 2017.

A separate 2014 incident, disclosed in September 2016, is thought to be the work of state-sponsored hackers and resulted in a breach of 500 million accounts.   

What’s Hot on Infosecurity Magazine?