Judge Rules Victims of Yahoo Data Breach Can Sue

yahoo data breach victims allowed to sue judge rules

U.S. District Court Judge Lucy Koh has officially ruled that the victims of the colossal Yahoo data breach will be able to sue the online enterprise, reasoning that consumers would have acted differently if they had been informed of the hacks and the security vulnerabilities earlier.

Verizon Communications, now Yahoo’s parent company, attempted to have the suits brought against them thrown out of court, arguing Yahoo had been targeted by “relentless criminal attacks,” according to Reuters, mitigating their responsibility. Plaintiffs argued that Yahoo knew of the cybersecurity vulnerabilities allowing the breach in 2012, and about a separate hack that took place in 2014. They are suing for negligence and breach of contract, among other charges.

Yahoo originally admitted to a breach of 1 billion of their consumers’ accounts in 2016 during their purchasing negotiations with Verizon; the revelation resulted in a purchase price cut of around $4.5 billion. The hack took place around 2013. In October 2017, the search engine and email provider admitted that all 3 billion accounts had been breached, making it potentially the largest (in number of users affected) data breach of all time. Yahoo was derided for their slow response and disclosure times and for allowing known vulnerabilities to persist. Since the full extent of  the data breach was revealed, the plaintiffs against them have tripled their damage claims. 

Neither Verizon nor attorneys for the plaintiffs have provided comment to reporters at time of writing. U.S. investigators connected the breach to Russian threat actors, making this another example of a nation-state attack. The U.S. government has made some moves to try to mitigate the effectiveness of foreign hackers, but due to the complex geopolitical situation these hacks touch upon their response and retaliation options are limited. Enterprises should take note that this ruling will most likely set a precedent for consumers suing companies that suffer a data breach. 


Ben Canner

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner

Leave a Reply

Your email address will not be published. Required fields are marked *