Yahoo Data Breaches and Settlements

Breach and Leak Report: Concise information for Yahoo data breaches helps victims avoid further privacy risk and file claims, including accidents reports and settlements for particular cases.

Search Email/Password Breach
 Learn how to check breach in 5 minutes
 Tips about Data Breach
 By Jackson WhiteBack to Breach List  
Yahoo Data Breaches and Settlements
1. Data Breaches
Yahoo Email BreachYahoo has announced a series of data breaches and security intrusions that exposed personal information, including names, emails, and security questions and answers from more than three billion accounts. The list of Yahoo breaches is as:

A. 2012 Data Security Intrusions:  From January through April 2012, at least two different malicious actors accessed Yahoo's internal systems. However, the available evidence does not reveal that Yahoo has taken out user credentials, email accounts, or the contents of emails from its systems.

B. 2013 Data Breach:  In August 2013, malicious actors were able to gain access to Yahoo's user database and took records for all existing Yahoo accounts-approximately three billion accounts worldwide. The data stolen included the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers of Yahoo account holders. As a result, the actors may have also gained access to the contents of breached Yahoo accounts and, thus, any private information contained within users' emails, calendars, and contacts.

C. 2014 Data Breach:  In November 2014, malicious actors were able to gain access to Yahoo's user database and take records of approximately 500 million user accounts worldwide. The data stolen included the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers of Yahoo account holders. As a result, the actors may have gained access to the contents of breached Yahoo accounts and any private information, which contained users' emails, calendars, and contacts.

D. 2015 and 2016 Data Breach:  From 2015 to September 2016, malicious actors could use cookies instead of a password to gain access to approximately 32 million Yahoo email accounts.

2. Settlements for Victims
Yahoo Email Breach
2.1 Residents of USA or Israel in 2012 through 2016
If you received a Notice about the Data Breaches A, B, C, or D in section 1, or if you had a Yahoo account at any time between January 1, 2012, and December 31, 2016, and are a resident of the United States or Israel, you are a "Settlement Class Member."

Yahoo and its successor in interest, Oath Holdings Inc., provides the Settlement fund of $117,500. It will include:
  • a minimum of two years of free credit-monitoring services to those covered by the deal to protect them from future identity theft;
  • those who already have a credit-monitoring service will be eligible for cash payments instead;
  • out-of-pocket costs for losses related to the data breaches;
  • reimbursement of some costs for those who paid for Yahoo premium or small business services.
The Settlement Fund will also be used to pay for attorneys' fees, costs, and expenses. For complete information, dates, and details on the benefits, visit the Settlement Website www.YahooDataBreachSettlement.com.

In or Out the Settlement
Even if you are an eligible account holder covered by this Settlement, you aren't in the Settlement automatically. To receive any benefits, you must file a claim online or by mail by July 20, 2020.

If you want to keep your right to sue Yahoo yourself, you must exclude yourself from the Settlement Class by March 6, 2020. Then you will not receive any credit monitoring or monetary relief from the Settlement.

You will not receive any credit monitoring or monetary benefits if you do nothing, but the Court's decisions will still bind you. Complete information and instructions on Filing a Claim, excluding oneself from the Settlement, or Objecting are available on the Settlement Website at www.YahooDataBreachSettlement.com. The Court has scheduled a hearing in this case at 1:30 pm on April 2, 2020, in Courtroom 8 of the U.S Courthouse, 280 South 1st Street, 4th Floor, San Jose, CA 95113, to consider: whether to approve the Settlement; any objections; a request for Class Representatives' Service Awards; and attorneys' fees, costs, and expenses for investigating the facts, litigating the case, and negotiating the Settlement. The motion for attorney fees, costs, and expenses will be posted on the date it is filed or as quickly as practicable. You may ask to appear at the hearing, but you do not have to.

Reimbursement of up to $25,000
If you are eligible for an account holder and file a claim online or by mail by July 20, 2020, you may be eligible to receive settlement benefits.

Then you are encouraged to submit a claim to receive a minimum of two years of future credit-monitoring services. You may still sign up for additional protection if you already have these services.

Those who can verify they already have a credit-monitoring service that they will keep for at least one year may submit a claim for a cash payment of $100. The amount may be less than $100 or more, depending on how many people participate in the Settlement.

Eligible account holders may additionally provide documentation or proof to receive reimbursement of up to $25,000 in out-of-pocket losses, including lost time suffered because of the data breaches. It will include payment for up to 15 hours at a rate of $25 per hour or unpaid time off work at your actual hourly rate, whichever is greater.

If lost time is not documented, consumers can receive payment for up to five hours at that same rate.

Contacts for the Settlement
For complete information and to file a claim for benefits, visit the Settlement Website, www.YahooDataBreachSettlement.com.
  • Email: info@YahooDataBreachSettlement.com
  • Call (USA): 844-702-2788
  • Call (Israel) 1-80-9344112
3. Other Yahoo Breach Reports