September 20, 2019

Web services provider Yahoo has reportedly emailed users announcing they are close to a $117.5 million settlement to put an end to a class-action lawsuit following data breaches between 2012 and 2016.

TechRepublic writes that Yahoo users during the affected period may even be entitled to “a bit of money” as Yahoo looks to settle following the numerous breaches. Cybercriminals were able to access Yahoo email accounts, calendars, contacts, telephone numbers, birthdays, passwords and even security questions and answers.

Three billion Yahoo accounts hacked

In August 2013, as confirmed by Yahoo in 2017, all three billion Yahoo user accounts were hacked. There were other breaches in 2012, 2014, 2015, and 2016. Yahoo domain websites are still popular, ranking 9th in the world according to Alexa and Wikipedia, and Yahoo was the most read news and media website in 2016. But the internet company may never have recovered from the breaches. Verizon Communications bought most of Yahoo’s Internet business in 2017 for nearly $4.5 billion.

As per the recent reporting Yahoo is offering two years’ worth of credit-monitoring services to those with affected accounts during the period January 1, 2012 and December 31, 2016. Those users who already have a credit monitoring subscription could be able to ask Yahoo for around $100 instead.

TechRepublic writes that on Yahoo’s claim website, rather than the email to affected users, Yahoo says the amount of compensation “may be less than $100 or more (up to $358.80) depending on how many Settlement Class Members participate in the settlement.” And, that:

“The Settlement Fund will provide: a minimum of two years of Credit Monitoring Services to protect Settlement Class Members from future harm, or Alternative Compensation instead of credit monitoring for Class Members who already have Credit Monitoring Services (subject to verification and documentation).”

Yahoo have also agreed to cover other costs incurred by users because of the data breaches including legal fees. Yahoo Premium and small businesses users may be “entitled to some reimbursement.”

Yahoo settlement to be approved

The proposed settlement is due for approval in a San Jose, US, court on April 2, 2010 and Yahoo has a dedicated website covering the settlement’s terms and eligibility and which describes the breaches as “where malicious actors got into system and personal data was taken” and also intrusions where systems were accessed but “no data appears to have been taken.” The settlement states:

“If you received a notice about the Data Breaches, or if you had a Yahoo account at any time between January 1, 2012 and December 31, 2016 and are a resident of the United States or Israel, you are a “Settlement Class Member.””

Said Class Member’s are able to file claims online to ask for the credit monitoring services or the alternative compensation if they can prove they have already had a credit monitoring subscription for the past year.

2013 Yahoo data breach is the largest to date

The Yahoo data breaches of 2013, affecting three billion accounts, is believed to be the largest such incidence in the history of the internet.

According to Wikipedia, Yahoo suspected a “state sponsored actor” or hacker as being behind both breaches. Though this has been disputed. The FBI is reportedly still investigating the 2013 breach and four men were charged regarding the 2014 breach in March 2017. The Yahoo breaches affected its servers and forged cookies may have been used to access user accounts. Stolen data from the 2014 breach was discovered for sale on the dark web.

First American Financial Corp and Facebook data breaches are the next largest

Following Yahoo as the largest data breach ever is that of First American Financial Corp where 885 million records were exposed including bank transactions, mortgage details, and social security numbers. The data was found accessible to the public on a server this year. The breach was apparently caused by a “design defect” in an application.

Also this year, 540 million Facebook user records were exposed on an Amazon cloud server. A report by UpGuard explained that third-party Facebook application developers had somehow posted the records publicly. Just recently another breach may have been revealed with up to 419 million Facebook user records discovered openly available on the internet, though the records may have been obtained by data scrapers some time ago.

Cybercrime costs companies millions

Varonis puts the average cost of a data breach at $3.86 million. Data breaches happen to companies large and small and 1,244 occurred in the US in 2108 alone exposing a total of 445.6 million personal records. Another report shows data breaches in the first half of 2019 may have increased already by 54%.

As well as a monetary cost, a data breach will cost a business important consumer confidence and thus revenue affecting it for months and years afterwards.

Businesses can do many things to protect against data breaches including operating rigid and comprehensive data security practices. Security awareness training is one of a number of key tactics, teaching employees to identify vulnerabilities and attacks and understand the importance of cybersecurity throughout any organisation and its suppliers.

The Defence Works is already helping many organisations to protect against cybercrime. Try our free demo to find out how.

Share this: