Yahoo has tabled an offer of more than $117 million to its customers to settle a class action lawsuit in the wake of a disastrous data breach in 2013.
The settlement reportedly covers around 194 million users in the United States and Israel, encompassing more than 896 million accounts.
Roughly three billion accounts were compromised in the 2013 breach, which Yahoo didn’t admit to until 2016.
The proposed payout, totalling $117.5 million, would see $24 million allocated for at least two years of credit monitoring, which is open to all Class Members and comes without a potential claimant cap.
Notice and administration caps would be limited to no more than $6 million while out-of-pocket expenses due to identity theft, lost time, paid users costs and small business user costs would also be covered. Alternative compensation of around $100 would also be provided for individuals already having credit monitoring.
Additionally, attorney fees would be capped at $30 million, with costs and expenses also capped at $2.5 million.
Yahoo’s initial settlement offer was rejected by US District Judge, Lucy Koh, following concerns that it failed to detail how much victims could recover.
Judge Koh said the offer was not “fundamentally fair, adequate and reasonable” to accept. Around 200 million users were linked to the class-action, which meant that there was little value per victim.
Around $35 million of the initial offer was also set aside for the plaintiff’s lawyers, which she insisted was excessive. The success of this latest offer from the tech firm now lies with Koh, who is still to give approval.
Yahuge Data Breach
The data breaches in question occurred in 2013 and 2014. Originally, the theft of Yahoo source code enabled attackers to compromise all of the technology behemoth’s three billion users. To add insult to injury, however, following the original security lapse, a second breach was carried out by a threat actor who managed to acquire information belonging to an additional 500 million accounts.
Sensitive information exposed by both breaches saw consumer’s names, passwords, email addresses, telephone numbers and dates of birth exposed.
US telecoms giant, Verizon, acquired Yahoo as part of a $4.5 billion deal in 2017. In reaction to the data breach, Verizon said it will spend more than $300 million over the next four years to bolster the organisations’ cybersecurity; a fee reportedly more than five times what Yahoo spent between 2013 and 2016.