UPDATED 22:51 EST / APRIL 09 2019

SECURITY

Yahoo proposes $117.5M in compensation to settle data breach case

Yahoo, currently a division of Verizon Communications Inc., may be close to putting to bed its long-running saga over the biggest hack of all time via a revised $117.5 million data breach settlement.

The class-action settlement was disclosed publicly on Tuesday and was reported to address criticisms from U.S. District Judge Lucy Koh, who had previously rejected a settlement offer in January.

The proposed settlement includes a minimum of $55 million for victims’ out-of-pocket expenses, $24 million to pay for two years of credit monitoring service, as much as $30 million for legal expenses and an additional $8.5 million for unspecified expenses.

Three billion Yahoo accounts were compromised in August 2013, with data stolen including names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers. In a separate hack in 2014, 500 million accounts were compromised.

John Yanchunis, a lawyer for the plaintiffs, said in a court filing that the $117.5 million was the “biggest common fund ever obtained in a data breach case.”

A Verizon Media spokesperson said that “we believe that the settlement demonstrates our strong commitment to security.”

Verizon itself does not exactly have a perfect record when it comes to data security, with 14 million customer records exposed via a misconfigured Amazon Web Services Inc. S3 instance in 2017, though that was blamed on a contractor.

Doubling down, Verizon said that it would spend $306 million between 2019 and 2022 on information security, five times what Yahoo spent from 2013 to 2016. In addition, it pledged to quadruple Yahoo’s staffing in cybersecurity as part of the settlement agreement.

High-Tech Bridge SA Chief Executive Officer Ilia Kolochenko told SiliconANGLE that on average, that’s $25 per compromised account, which he called “embarrassingly modest compensation for breach of your privacy and stolen personal data.”

But he added that it’s common that class actions enrich the attorneys more than the victims. “Otherwise, the settlement conveys an illusory message of relatively modest penalties for negligent data protection,” he said. “In 2019, even a less severe breach is capable of exposing your company to incomparably severe and harsh sanctions in different jurisdictions. We have to take cybersecurity seriously or pay a considerable price.”

Yahoo’s proposed settlement is yet to be accepted by the U.S. District Court, Northern District of California. When the settlement will be considered by the court isn’t clear.
