Settlement At Last: The Never-Ending Yahoo Nightmare
The nightmare of Yahoo is still not ending, this is because their planned settlement agreement with its customers affected by a data breach episode was shut down by U.S. California District Court Judge Lucy Koh. Judge Koh arrived at her decision given that Yahoo is a settlement with the victims of the data breach with just $50 million, which according to her is grossly miscalculated. Yahoo is now a subsidiary of its new parent company, Verizon, which will be responsible for a portion of the settlement agreement in coordination with Altaba, who was Yahoo’s guardian prior to the Verizon takeover. The $50 million settlement is huge at first sight, but compared to an estimated 3 billion Yahoo accounts hacked from between 2013 and 2014, the amount is negligible.
A new settlement agreement has been penned valued at $117.5 million, more than double of the original amount, which is intended to pay for two-years worth of credit-monitoring services for at least 200 million customers affected. Once this revised settlement agreement is approved, this will become the largest settlement agreement between parties due to a data breach. The current record holder was when Anthem Inc. data breach case of 2015 made a settlement to the tune of $115 million, which coincidentally was also under Judge Koh’s jurisdiction.
“Following the Court’s denial of [the first proposed settlement], the Parties immediately set about addressing the issues the Court identified, re-engineering the resolution of this case. The Amended Settlement Agreement not only provides the biggest common fund ever obtained in a data breach case ($117,500,000.00), it materially moves the benchmarks on: The individual claim cap ($25,000), the amount of lost time that can be reimbursed (15 hours), the minimum rate at which such time is compensated ($25.00/hour), and alternative compensation for those already having credit monitoring ($100, up to full retail value of $358.80),” explained Koh.
Yahoo made an irreparable decision to delay the announcement that the company’s servers were hacked from 2013 to 2014, as they made the disclosure only in 2016 which permanently damaged the Yahoo brand. It cost Yahoo to lose its then CEO, former Googler Marissa Mayer, the company also lost trade value when it eventually decided to sell its brand to Verizon for just $350 million.
According to the Yahoo representatives, 194 million U.S. and Israel Yahoo customers will be qualified for receiving a portion of the settlement money in the form of two years credit monitoring service. It cost $14.95 per head per month or a total of $359 per affected Yahoo customer. For those that were signed-up with Yahoo Mail Plus during the data, breach window is qualified for a maximum of 25% refund.
“Maintain an information security budget of more than $300 million over the next four years and a team headcount of 200, amounts that are at least four times and three times greater, respectively, than Yahoo maintained prior to this case,” said a Yahoo representative.