Yahoo agrees to pay £38 million for massive security breach
Yahoo has agreed to pay $50 million (£38.4 million) in damages and provide two years of free credit-monitoring services to 200 million people whose email addresses and other personal information were stolen as part of the biggest security breach in history.
The restitution hinges on federal court approval of a settlement filed late on Monday in a two-year-old lawsuit seeking to hold Yahoo accountable for digital burglaries that occurred in 2013 and 2014, but were not disclosed until 2016.
It adds to the financial fallout from a security lapse that provided a mortifying end to Yahoo’s existence as an independent company and former chief executive Marissa Mayer’s six-year reign.
Yahoo revealed the problem after it had already negotiated a $4.83 billion deal to sell its digital services to Verizon Communications.
It then had to discount that price by $350 million to reflect its tarnished brand and the spectre of other potential costs stemming from the breach.
About three billion Yahoo accounts were hit by hackers that included some linked to Russia by the FBI.
The settlement reached in a San Francisco court covers about one billion of those accounts held by an estimated 200 million people in the US and Israel from 2012 through 2016.
Claims for a portion of the 50 million dollar fund can be submitted by any eligible Yahoo account holder who suffered losses resulting from the security breach.
The costs can include such things as identity theft, delayed tax refunds or other problems linked to having had personal information pilfered during the Yahoo break-ins.
The fund will compensate Yahoo account holders at a rate of 25 dollars per hour for time spent dealing with issues triggered by the security breach, according to the preliminary settlement.
Those with documented losses can ask for up to 15 hours of lost time, or 375 dollars.
Those who cannot document losses can file claims seeking up to five hours, or 125 dollars, for their time spent dealing with the breach.
Yahoo account holders who paid 20 dollars to 50 dollars annually for a premium email account will be eligible for a 25% refund.
The free credit monitoring service from AllClear could end up being the most valuable part of the settlement for most account holders.
The lawyers representing the account holders pegged the retail value of AllClear’s credit-monitoring service at 14.95 dollars per month, or about 359 dollars for two years – but it is unlikely Yahoo will pay that rate.
The settlement did not disclose how much Yahoo had agreed to pay AllClear for covering affected account holders.