Virtual Event Today: Cyber AI & Automation Summit - Register/Login Now
Connect with us

Hi, what are you looking for?



Altaba Settles Yahoo Breach Lawsuits for $47 Million

Altaba, the investment company that resulted from Verizon’s $4.5 billion acquisition of Yahoo’s Internet business last year, has agreed to settle consumer class action lawsuits triggered by the massive data breaches suffered by Yahoo in the past years.

Altaba, the investment company that resulted from Verizon’s $4.5 billion acquisition of Yahoo’s Internet business last year, has agreed to settle consumer class action lawsuits triggered by the massive data breaches suffered by Yahoo in the past years.

Yahoo revealed in September 2016 that its systems had been breached in late 2014 by what it believed to be a state-sponsored threat actor that had managed to access data from at least 500 million accounts.

In December 2016, the company announced a different breach, one that dated back to 2013, which impacted one billion user accounts. In October 2017, Yahoo admitted that the 2013 hack actually impacted all of its 3 billion users.Altaba Settles Consumer Class Action Lawsuits Related to Yahoo Breach for $47 Million

Several class action lawsuits were filed and the US Securities and Exchange Commission (SEC) launched an investigation into how the breaches were disclosed.

In a letter to shareholders, published on Monday on the SEC’s website, Altaba CEO Thomas J. McInerney revealed that the company expects to incur $47 million in settlement expenses related to three breach-related lawsuits.

“We are also pleased to announce today that we have reached an agreement in principle (subject to court approval) to settle the consumer class action litigation related to the Yahoo data breach. We have also received final court approval of the securities class action settlement, and we have negotiated an agreement to settle the shareholder derivative litigation (subject to court approval). We estimate that the Company will incur an incremental net $47 million in litigation settlement expenses to resolve all three cases,” McInerney wrote. “Together, these developments mark a significant milestone in cleaning up our contingent liabilities related to the Yahoo data breach.”

The latest breach-related settlement comes after Altaba in April agreed to pay a $35 million penalty to the SEC for not disclosing the 2014 breach to investors. In addition, a judge recently approved an $80 million settlement that Altaba agreed to pay after being accused of misleading investors about a total of four data breaches.

Commenting on the latest settlement, Ilia Kolochenko, CEO of web security company High-Tech Bridge, said, “Class actions are known to provide their members with very modest compensation compared to individual lawsuits. The settlement (subject to approval by court) makes slightly above $10 per breached account – a scanty amount in the GDPR era. Should a similar data breach happen today with the same disclosure timeline and similar circumstances, the amount of settlement could be significantly higher. Therefore, I think this is a considerable legal victory for Yahoo’s legal team.”

Related: Target to Pay States $18.5 Million Over 2013 Data Breach

Advertisement. Scroll to continue reading.

Related: Ashley Madison Offers $11 Million in Data Breach Settlement

Related: Home Depot to Pay Banks $25 Million for 2014 Breach

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.