US judge squashes Yahoo's attempt to stop data breach lawsuits

05 Sep 17

Both Yahoo and victims of its multiple data breaches have been granted – and denied – the ability to dismiss lawsuits based on plaintiffs’ Consolidated Class Action Complaint (CCAC) and under the California Unfair Competition Law (UCL).

Judge Lucy Koh delivered the verdict in a 93-page decision in California last week. She said that affected users of the 2013, 2014 and 2015/2016 breaches could claim breach of contract and competition.

“All plaintiffs have alleged a risk of future identity theft, in addition to the loss of value of their personal identification information,” Koh wrote in her decision.

The 2013 breach affected more than one billion user accounts; however, Yahoo held off on the news for three years. A second breach happened in 2014, which affected 500 million accounts. In 2016, details emerged of a breach from 2015 that compromised 200 million accounts.

“Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry. Yahoo and other companies have launched programs to detect and notify users when a company strongly suspects that a state-sponsored actor has targeted an account,” Yahoo said in a press release in September 2016.

In May, Yahoo had previously claimed that breach victims did not have enough grounds to sue the company because of ‘vague and unspecified harms’, despite at least 20 lawsuits filed at the end of 2016.

“According to Defendants, named Plaintiffs have not suffered an injury in fact because Plaintiffs allege only vague and unspecified harms, such as the loss of "unspecified information" and emails. Moreover, Defendants argue that Plaintiffs' other allegations of injury are speculative, and that any monetary injuries suffered by Plaintiffs have been reimbursed. Plaintiffs, by contrast, argue that all Plaintiffs have suffered concrete harms from the Data Breaches, and that several courts have found these harms sufficient to establish injury in fact in similar data breach cases,” Koh says in her report.

Earlier this year, US police charged two of four Russians, two of whom were from Russia’s Federal Security Service, in connection with the breaches.

At the end of August, defendant Karim Baratov pleaded not guilty to 47 charges, according to media reports. Alexsey Belan, Dmitry Dokuchaev and Igor Sushchin have not been captured.

Amongst the fallout from the breaches, CEO Marissa Mayer resigned and gave employees her annual bonus as compensation for the breaches.

Yahoo was purchased by Verizon last year for an original offer of US$4.8 billion. After news of the breaches surfaced, Verizon slashed its purchase offer to $4.48 billion. The company turned Yahoo’s assets into units called Oath and Altaba.
