[BreachExchange] Yahoo data-breach class-action lawsuits joined together in San Jose federal court

Fri Dec 9 13:58:58 EST 2016

http://www.siliconbeat.com/2016/12/08/yahoo-data-breach-
class-action-suits-joined-together-in-san-jose-federal-court

Five of at least 23 lawsuits against Yahoo over its record-setting and
controversial data breach have been consolidated into one suit, set to be
heard in federal court in San Jose.

Yahoo, which is in the midst of a $4.8 billion sale to Verizon, in
September announced that hackers in 2014 had stolen personal information
from at least 500 million user accounts. The firm said at the time that it
had discovered the breach, believed to be the largest data theft in
history, during a “recent” investigation.

But last month in a Securities and Exchange Commission filing, Yahoo
admitted it had known about the breach, which it has blamed on a
state-sponsored actor, in 2014. And the company in the filing said that the
Verizon sale could fall through.

Within hours of Yahoo’s original announcement in September about the
hacking, the first suit was filed. The following day, Ronald Schwartz,
identified as a Yahoo user from New York, filed a similar lawsuit, also
seeking class-action status, against Yahoo. More such actions followed.

On Dec. 7, a panel of federal judges combined those two cases and three
others into one suit, and set it to be heard in U.S. district court in San
Jose under Judge Lucy Koh. Four of the suits were filed originally in
California, and one in Illinois.

“These actions involve common questions of fact, and that centralization
will serve the convenience of the parties and witnesses,” the panel said.
“Yahoo’s corporate headquarters is located within the district, and
therefore relevant documents and witnesses are likely to be located there.”

The five lawsuits have in common questions about Yahoo’s protection of
users’ data; the company’s investigation of the breach; the “alleged delay
in disclosing the breach;” and the nature of the alleged damages, the panel
said.

Schwartz, in his suit, called Yahoo “grossly negligent” in its handling of
user data.

The first suit, filed in San Diego the day Yahoo revealed the hack, had
been filed by plaintiffs who before the revelation had suspected their
personal data had been stolen somehow. “They were trying to figure out how
people were accessing their information,” their lawyer David Casey told the
Mercury News at the time. “When this (breach) became public, they put two
and two together.”

Meanwhile, the fate of Yahoo remains uncertain. The sale was to close in
the first quarter of next year. Many analysts believe that if the sale to
Verizon does go through, Verizon will pay a discounted price because of the
breach and Yahoo’s response to it.

Yahoo’s stock price has fallen 6 percent from $44.14 the day before it
announced the data breach to close at $41.41 Thursday.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161209/a44abf99/attachment.html>