Follow us:
  1. Home
  2. News
  3. Legal News

Judge denies plaintiffs’ motion for Yahoo data breach settlement

A California judge wants more answers from the tech giant

Photo via Twitter
For Yahoo, it’s back to square one. A motion to settle a lawsuit stemming from its series of data breaches has been swatted down by a California judge.

The plaintiffs in the case, who sued Yahoo after they said their personal data was stolen from Yahoo servers and sold on the dark web, had reached agreement with the tech giant on terms of a settlement.

But U.S. District Court Judge Lucy Koh rejected the agreement because she said it didn’t resolve the underlying issues. She complained that Yahoo had not committed to spend more money on security and charged the company with a lack of transparency in the wake of the incidents.

A spokesman for Verizon, Yahoo’s parent company, declined on comment on pending legal matters.

One billion user accounts

In December 2016 Yahoo confirmed that more than 1 billion user accounts had been compromised, a significant increase from the 500 million it disclosed three months earlier. It also said that it believed the first breach occurred as early as 2013.

Affected accounts contained names, email addresses, telephone numbers, dates of birth, hashed passwords, and security questions and answers. At the time Yahoo said it believed the breach was carried out with “forged cookies,” small files are generally used to store small amounts of data about specific clients or websites. In this case, hackers used forged versions to access users’ account data without needing a password.

In 2017, Judge Koh ruled that a class action suit against Yahoo could move forward. Last March she ruled that Yahoo users could sue the company.

The case centers around users’ charges that Yahoo took too long to report the data breaches. In her March ruling Koh said customers may have “taken measures to protect themselves” against identity theft and fraud had they known about the breaches sooner.

Critical of Yahoo

In rejecting the motion for a settlement, Koh was highly critical of Yahoo’s handling of the breaches and questioned its commitment to making things right.

“Yahoo has only committed to the $50 million in settlement funds and hides the total settlement fund amount,” she wrote.

Koh, who has presided over the case from the start, also said Yahoo has been vague about what steps it has taken to secure its network systems in the aftermath of the breaches.

Take a Home Warranty Quiz. Get matched with an Authorized Partner.