Yahoo offers $118 million to settle one of the largest breaches ever
posted Saturday Apr 13, 2019 by Scott Ertz
In 2016, Yahoo announced that they had a massive data breach in 2013 that affected about 1 billion customers. The size and scope were enough that it almost derailed the purchase by Verizon. In the end, Verizon did receive a discount of $350 million off the overall price, which was far less than the $1 billion they wanted to save. After the purchase was finalized, Verizon reevaluated the data about the breach and discovered that not only the 1 billion announced accounts but the entirety of the Yahoo user base were affected: 3 billion accounts.
The inevitable lawsuit that resulted from the breach has been in progress nearly since the day Yahoo initially announced the incident. The two sides attempted previously to settle the case for $50 million plus attorneys' fees. That one didn't fly in court, as US District Judge Lucy Koh declined the settlement in January. This week, the company and the plaintiffs offered $117.5 million in settlement. As with the previous settlement, it will face judicial review. The new proposal states,
Following the Court's denial of (the first proposed settlement), the Parties immediately set about addressing the issues the Court identified, re-engineering the resolution of this case. The Amended Settlement Agreement not only provides the biggest common fund ever obtained in a data breach case ($117,500,000.00), it materially moves the benchmarks on: The individual claim cap ($25,000), the amount of lost time that can be reimbursed (15 hours), the minimum rate at which such time is compensated ($25.00/hour), and alternative compensation for those already having credit monitoring ($100, up to full retail value of $358.80).
As part of the settlement, every affected user will receive 2 years of credit monitoring with the option for $100 if you already have credit monitoring, the class representatives will receive a cash settlement, and out of pocket reimbursement for the cost of related identity theft. The class would include all members in the US and Israel, including individuals and small businesses.