Yahoo has agreed to pay $50 million to users affected by data breaches in 2013 and 2014, finally bringing to a close one of the darkest days in Yahoo's history. The settlement was filed with the United States District Court in California, and should be approved at a hearing on November 29. The settlement will compensate an estimated 200 million affected individuals. In addition,Yahoo must provide a minimum of two years of free credit monitoring to those involved. For those that already have credit monitoring, a $100 award may be issued instead.
Security Breach Stole Data, but Delayed Disclosure Broke Trust
At issue were two separate data breaches, taking place in 2013 and 2014. The 2013 breach affected all of Yahoo's 3 billion users, but the second attack only affected about 500 million users. However, only those that suffered financial losses will be compensated under the settlement.
Yes, customers suffered financial losses. But what truly irked Yahoo customers, investors, and ultimately Verizon, was that the breaches were not disclosed until 2016. Such a long delay was seen as a betrayal and ultimately ruined Yahoo's reputation. Prior to the disclosure, Verizon was willing to pay around $4.8 billion to acquire Yahoo. When the acquisition deal was finally closed in 2017, Yahoo agreed to a $350 million sale price. Verizon consequently divided Yahoo's assets, and diluted the brand, which had been tarnished beyond repair.
$50 Million Settlement End of a Long Line of Losses
Under the terms of the settlement, Yahoo will pay half of the amount, and the other half will be paid by Altaba, which owns the non-Verizon Yahoo assets. Yahoo must also pay an additional $35 million in legal fees and expenses. Altaba already paid a $35 million fine to the US Securities and Exchange Commission (SEC) over Yahoo's failure to timely disclose the breach to investors. The amount of money affected by these two breaches has been nothing short of monumental.