Yahoo has said it will pay $80 million to settle a federal securities class action brought by investors who alleged that the organisation deliberately misled them about its information security practices in the wake of massive data breaches in 2013 and 2014, that compromised 3 billion users' personal data, and caused Yahoo's stock prices to fall.
The first breach was not disclosed until 2016, and the full extent of the damage was not known until October last year, months after the investors' lawsuit was filed.
The named defendants are the organisation as well as Marissa Mayer and Kenneth Goldman, who were CEO and CFO respectively at the time of the incidents. The settlement class includes all those who purchased or acquired Yahoo securities on the open market between 30 April 2013 and 14 December 2016.
The settlement must now be accepted by the court.
If approved by the court, the proposed agreement would be the first significant settlement to date of a securities fraud class action filed in response to a data breach.
However, it still might not mean the end of the case, as a court document revealed that one of the named plaintiffs in the lawsuit has not agreed to the settlement.
Ilia Kolochenko, CEO of Web security company High-Tech Bridge, says until approved by the court, it may be too early to comment on the settlement and its conditions.
"But this will certainly create a strong precedent to claim damages from breached companies. Class action will, however, unlikely provide the victims with substantial compensation compared to individual litigation that, on the other hand, could be prohibitively expensive and would take too long for individuals."
He adds that this is likely not Yahoo's last loss related to the breach. "Reputational damage is ongoing, and new lawsuits may be filed in other jurisdictions or by victims who opted out from the class action."
Share