One of the largest consumer internet hacks has bred one of the largest class action settlements afterÂ Yahoo agreed to pay $50 million to victims of a security breach that’s said to have affected up to 200 million U.S. consumers and some three billion email accounts worldwide.
In what appears to be the closing move to the two-year-old lawsuit,Â Yahoo — which is now part of Verizon’s Oath business [which is the parent company of TechCrunch] — has proposed to pay $50 million in compensation to an estimated 200 million users in the U.S. and Israel, according to a court filing.
In addition, the company will cover up to $35 million on lawyer fees related to the case and provide affected users in the U.S. withÂ credit monitoring services for two years via AllClear, a package that would retail for around $350. There are also compensation options for small business and individuals to claim back costs forÂ losses associated with the hacks. That could include identity theft, delayed tax refunds and any other issuesÂ related to data lost at the hands ofÂ theÂ breaches. Finally, those who paid for premium Yahoo email services are eligible for a 25 percent refund.
The deal is subject to final approval fromÂ U.S. District Judge Lucy Koh of the Northern District of California at a hearing slated for November 29.
Since Yahoo is now part of Oath, the costs will be split 50-50 between Oath and Altaba, the holding company that owns what is left of Yahoo following the acquisition. Altaba last month revealed it had agreed to pay $47 million to settle three legal cases related to the landmark security breach.
Yahoo estimates that three billion accounts were impacted by a series of breaches that began in 2013. The intrusion is believed to have been state-sponsored attack by Russia, although no strongÂ evidence has been provided to support that claim.
The incidentÂ wasn’t reported publicly until 2016, just months afterÂ Verizon announced that it would acquire Yahooâ€™s core business in a $4.8 billion deal.
At the time,Â Yahoo estimated that the incident had affected “at least” 500 million users but it later emerged that data on all of Yahoo’s three billion users had been swiped. A second attack a year later stole information that included email and passwords belonging to 500 million Yahoo account holders. Unsurprisingly, the huge attacks saw Verizon negotiate a $350 million discount on the deal.
Source: Techcrunch Disrupt