[BreachExchange] Judge Allows Much Of Yahoo Breach Suit To Go Forward

[Audrey McNeil]

https://www.pymnts.com/legal/2018/yahoo-data-breach-identity-theft-lawsuit/


A U.S. district court in San Jose, California, ruled late last week that
most of a lawsuit concerning Yahoo’s data breach, which exposed 3 billion
users’ personal data, can proceed.

According to news from Reuters, U.S. District Judge Lucy Koh dismissed an
effort by Yahoo parent company Verizon Communications Inc. to get the
claims tossed out, including allegations of negligence and breach of
contract. The judge, according to Reuters, previously denied a bid by Yahoo
to dismiss claims of unfair competition.

Following the incident, Yahoo faced criticism that it was too slow to alert
customers to the breach in data privacy that spanned three years, from 2013
to 2016. By not disclosing the fissure in its cybersecurity defenses
sooner, the company increased the risk of identity theft for those who were
impacted — not to mention the countless customers who had to freeze their
credit and spend money on monitoring and protection services.

The complaint on the part of Yahoo customers was amended in October after
Yahoo disclosed the data breach impacted 3 billion users, triple its
previous estimate. The amended complaint, said the judge according to
Reuters, shows how important a role security plays in a customer’s decision
to use Yahoo.

“Plaintiffs’ allegations are sufficient to show that they would have
behaved differently had defendants disclosed the security weaknesses of the
Yahoo Mail System,” Koh wrote, according to Reuters. The judge also ruled
the plaintiffs can attempt to show that liability limits in the terms of
service at Yahoo were “unconscionable,” given allegations that Yahoo knew
there were security shortcomings but didn’t do much to address them.

Back in Oct. 2017, Yahoo announced its 2013 security breach exposed all 3
billion of its users. According to news from Bloomberg Technology at the
time, Yahoo obtained the new information after Verizon acquired it for $4.5
billion. Initially, Yahoo only revealed that 1 billion accounts had been
compromised. The stolen information didn’t include passwords in clear text,
payment data or bank account information.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180312/ad394077/attachment.html>