U.S. Court Denies Yahoo’s Attempted Settlement Agreement
After 3 years of hearing, a U.S. judge has denied Yahoo’s planned settlement in connection with the Yahoo email’s data breach from 2013 to 2016. It was dubbed the biggest data breach in the world as it compromised an estimated 3 billion accounts. Lucy Koh, U.S. District Judge who first became popular with the Apple vs Samsung trial years ago, has ruled that the settlement is unfair, inadequate and unreasonable. Now owned by Verizon Communications, a US-based telecommunication giant, Yahoo is attempting to offer its affected customers a $50 million pay-out with credit monitoring service for the next two years for their the United States and Israel customers (around 1 billion accounts).
Judge Koh is not convinced that Yahoo is giving fair compensation to their affected customers, especially raised the question of why the former tech giant downplayed the number of victims in the data breach, as the company reported to the court a lesser number of victims than security experts have predicted. She also disputed the proposed maximum fees for lawyers’ fees, which Yahoo pegged at $35 million, which she branded as ‘not particularly novel and unreasonably high.’
“Yahoo misrepresents the number of affected Yahoo users by publicly filing an inflated, inaccurate calculation of users and simultaneously filing under seal a more accurate, much smaller number. Yahoo has not committed to any specific increases in the budget for data security and has made only vague commitments as to specific business practices to improve data security. Yahoo’s history of nondisclosure and lack of transparency related to the data breaches are egregious. Unfortunately, the settlement agreement, proposed notice, motion for preliminary approval, and public and sealed supplemental filings continue this pattern of lack of transparency. The proposed notice does not disclose the costs of credit monitoring services or costs for class notice and settlement administration and does not disclose the total size of the settlement fund. Without knowing the total size of the settlement fund, class members cannot assess the reasonableness of the settlement. For the foregoing reasons, Plaintiffs’ motion for preliminary approval of class action settlement is DENIED.” explained Koh.
Yahoo’s decision to become part of Verizon was due to the aftermath of the data breach. Verizon bought Yahoo to the tune of $4.83 billion in July 2016, which was later revealed that it was sold cheaper at $4.48 billion. Part of the suit against Yahoo was the prosecution of two hackers and their two Russian accomplices.
Verizon on its part is looking forward to find a better alternative after Judge Koh’s ruling. “While preliminary approval of the settlement was not granted, we’re confident that we can achieve a viable path forward,” said Verizon.
Apparently, she needs to be convinced that the settlement is fair for the victims, as she approves the settlement agreement proposed by Anthem, which also experienced a data breach affecting 79 million victims. The approved settlement agreement was to the tune of $115 million, Anthem gave the victims free credit monitoring service even before the settlement agreement came into being.
Julia Sowells698 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.