Yahoo Data Breaches and Settlements

 By Jackson White
Yahoo Data Breaches and Settlements
1. Data Breaches
Yahoo Email BreachYahoo has announced a series of data breaches and security intrusions which exposed personal information, including names, emails and security questions and answers from more than three billion accounts. The list of Yahoo breaches is as:

A. 2012 Data Security Intrusions:  From at least January through April 2012, at least two different malicious actors accessed Yahoo’s internal systems.  The available evidence, however, does not reveal that user credentials, email accounts, or the contents of emails were taken out of Yahoo’s systems.

B. 2013 Data Breach:  In August 2013, malicious actors were able to gain access to Yahoo's user database and took records for all existing Yahoo accounts-approximately three billion accounts worldwide. The records taken included the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers of Yahoo account holders. As a result, the actors may have also gained access to the contents of breached Yahoo accounts and, thus, any private information contained within users’ emails, calendars, and contacts.

C. 2014 Data Breach:  In November 2014, malicious actors were able to gain access to Yahoo's user database and take records of approximately 500 million user accounts worldwide. The records taken included the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers of Yahoo account holders, and, as a result, the actors may have also gained access to the contents of breached Yahoo accounts, and thus, any private information contained within users’ emails, calendars, and contacts.

D. 2015 and 2016 Data Breach:  From 2015 to September 2016, malicious actors were able to use cookies instead of a password to gain access into approximately 32 million Yahoo email accounts.

2. Settlements for Victims
Yahoo Email Breach
2.1 Residents of USA or Israel in 2012 through 2016
If you received a Notice about the Data Breaches A, B, C, or D in section 1, or if you had a Yahoo account at any time between January 1, 2012 and December 31, 2016, and are a resident of the United States or Israel, you are a "Settlement Class Member."

The Settlement fund of $117,500,000 is provided by Yahoo and its successor in interest, Oath Holdings Inc. It will provide: 
  • a minimum of two years of free credit-monitoring services to those covered by the deal to protect them from future identity theft;  
  • those who already have a credit-monitoring service will be eligible for cash payments instead;  
  • out-of-pocket costs for losses related to the data breaches; 
  • reimbursement of some costs for those who paid for Yahoo premium or small business services. 
The Settlement Fund will also be used to pay for attorneys' fees, costs, and expenses. For complete information, dates, and details on the benefits, visit the Settlement Website www.YahooDataBreachSettlement.com.

In or Out the Settlement
Even if you are eligible account holder covered by this settlement, you aren't in the settlement automatically. In order to receive any benefits, you must file a claim online or by mail by July 20, 2020.

If you want to keep your right to sue the Yahoo yourself, you must exclude yourself from the Settlement Class by March 6, 2020. Then you will not receive any credit monitoring or monetary relief from the Settlement.  

If you do nothing, you will not receive any credit monitoring or monetary benefits but you will still be bound by the Court's decisions. Complete information and instructions on Filing a Claim, excluding oneself from the Settlement, or Objecting are available on the Settlement Website at www.YahooDataBreachSettlement.com. The Court has scheduled a hearing in this case at 1:30 pm on April 2, 2020, in Courtroom 8 of the U.S Courthouse, 280 South 1st Street, 4th Floor, San Jose, CA 95113, to consider: whether to approve the Settlement; any objections; a request for Class Representatives’ Service Awards; and attorneys’ fees, costs, and expenses for investigating the facts, litigating the case, and negotiating the settlement.  The motion for attorney fees, costs, and expenses will be posted on on the date it is filed or as quickly thereafter as practicable. You may ask to appear at the hearing but you do not have to.

Reimbursement of up to $25,000  
If you are eligible account holder and file a claim online or by mail by July 20, 2020, you may be eligible to receive settlement benefits.

Then you are encouraged to submit a claim to receive a minimum of two years of future credit-monitoring services. If you already have these services, you may still sign up for additional protection.

Those who can verify they already have a credit-monitoring service that they will keep for at least one year may submit a claim for a cash payment of $100. Payment may be less than $100 or more depending on how many people participate in the settlement.

Eligible account holders may additionally provide documentation or proof to receive reimbursement of up to $25,000 in out-of-pocket losses, including lost time suffered because of the data breaches. This will include payment for up to 15 hours of time at a rate of $25 per hour, or unpaid time off work at your actual hourly rate, whichever is greater.

If lost time is not documented, consumers can receive payment for up to five hours at that same rate.

Contacts for the Settlement
For complete information and to file a claim for benefits, visit the Settlement Website,  www.YahooDataBreachSettlement.com
  • Email: info@YahooDataBreachSettlement.com
  • Call (USA): 844-702-2788
  • Call (Israel) 1-80-9344112
3. Other Yahoo Breach Reports