Judge Allows Much Of Yahoo Breach Suit To Go Forward

A U.S. district court in San Jose, California, ruled late last week that most of a lawsuit concerning Yahoo’s data breach, which exposed 3 billion users’ personal data, can proceed.

According to news from Reuters, U.S. District Judge Lucy Koh dismissed an effort by Yahoo parent company Verizon Communications Inc. to get the claims tossed out, including allegations of negligence and breach of contract. The judge, according to Reuters, previously denied a bid by Yahoo to dismiss claims of unfair competition.

Following the incident, Yahoo faced criticism that it was too slow to alert customers to the breach in data privacy that spanned three years, from 2013 to 2016. By not disclosing the fissure in its cybersecurity defenses sooner, the company increased the risk of identity theft for those who were impacted — not to mention the countless customers who had to freeze their credit and spend money on monitoring and protection services.

The complaint on the part of Yahoo customers was amended in October after Yahoo disclosed the data breach impacted 3 billion users, triple its previous estimate. The amended complaint, said the judge according to Reuters, shows how important a role security plays in a customer’s decision to use Yahoo.

“Plaintiffs’ allegations are sufficient to show that they would have behaved differently had defendants disclosed the security weaknesses of the Yahoo Mail System,” Koh wrote, according to Reuters. The judge also ruled the plaintiffs can attempt to show that liability limits in the terms of service at Yahoo were “unconscionable,” given allegations that Yahoo knew there were security shortcomings but didn’t do much to address them.

Back in Oct. 2017, Yahoo announced its 2013 security breach exposed all 3 billion of its users. According to news from Bloomberg Technology at the time, Yahoo obtained the new information after Verizon acquired it for $4.5 billion. Initially, Yahoo only revealed that 1 billion accounts had been compromised. The stolen information didn’t include passwords in clear text, payment data or bank account information.



The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.