Yahoo must face legal action for “biggest data breach in the history of the world”, judge rules
A US judge has ruled that Yahoo must now face nationwide litigation after failing to disclose unprecedented costumer data breaches until long after they had occurred.
The case was brought on behalf of more than one billion Yahoo users, whose personal information was compromised in three major data leaks.
The first breach affected more than one billion accounts in 2013, the second – for which two members of the Russian Federal Security Service and two other hackers were charged for – affected more than 500 million in 2014, and the third occurred in 2015 and 2016.
Yahoo hesitated to admit to the data breaches, only admitting that the first leak had occured three years in 2016.
US District Judge Lucy Koh of San Jose, California, rejected Yahoo’s lawyers’ arguments that victims of the data leaks did not have standing to sue. Yahoo had argued in court that the breaches were a “triumph of criminal of persistence” and proof that no security system is hack-proof.
The judge ruled, however, that the plaintiffs were able to pursue breach of contract and unfair competition claims in court.
Some plaintiffs had said that they had spent their own money in order to prevent future identity theft, and that fraudsters had used their leaked data. Had Yahoo not delayed admitting to the data leaks for so long, the judge said, users could have protected themselves by simply cancelling accounts or changing their passwords.
“All plaintiffs have alleged a risk of future identify theft, in addition to loss of value of their personal identification information,” she wrote in the 93-page document.
“We believe [the ruling] to be a significant victory for consumers, and will address the deficiencies the court pointed out,” said John Yanchunis, who represented the plantiffs. “It’s the biggest data breach in the history of the world.”
Yahoo was acquired by Verizon in June 2017 for $4.76 billion, and incorporated into a unit called “Oath”. Reports about the customer data leaks are thought to have significantly lowered this price.
In 2016, Yahoo was also accused of surreptitiously developing software to allow US intelligence agencies to search all of its customers’ emails for information.