Story image

US judge squashes Yahoo's attempt to stop data breach lawsuits

05 Sep 2017

Both Yahoo and victims of its multiple data breaches have been granted – and denied – the ability to dismiss lawsuits based on plaintiffs’ Consolidation Class Action Complaint (CCAC) and under US California Unfair Competition Law (UCL).

Judge Lucy Koh delivered the verdict in a 93-page decision in California last week. She said that affected users of the 2013, 2014 and 2015/2016 breaches could claim breach of contract and competition.

“All plaintiffs have alleged a risk of future identity theft, in addition to the loss of value of their personal identification information,” Koh wrote in her decision.

The 2013 breach affected more than one billion user accounts; however Yahoo held off on the news for three years. A second breach happened in 2014, which affected 500 million accounts. In 2016, details emerged of a breach from 2015 that compromised 200 million accounts.

“Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry. Yahoo and other companies have launched programs to detect and notify users when a company strongly suspects that a state-sponsored actor has targeted an account,” Yahoo said in a press release in September 2016.

In May, Yahoo had previously claimed that breach victims did not have enough grounds to sue the company because of ‘vague and unspecified harms’, despite at least 20 lawsuits filed at the end of 2016.

“According to Defendants, named Plaintiffs have not suffered an injury in fact because Plaintiffs allege only vague and unspecified harms, such as the loss of "unspecified information" and emails. Moreover, Defendants argue that Plaintiffs' other allegations of injury are speculative, and that any monetary injuries suffered by Plaintiffs have been reimbursed. Plaintiffs, by contrast, argue that all Plaintiffs have suffered concrete harms from the Data Breaches, and that several courts have found these harms sufficient to establish injury in fact in similar data breach cases,” Koh says in her report.

Earlier this year, US police charged two of four Russians, two of whom were from Russia’s Federal Security Service, in connection with the breaches.

At the end of August, defendant Karim Baratov pleaded not guilty to 47 charges, according to media reports. Alexsey Belan, Dmitry Dokuchaev and Igor Sushchin have not been captured.

Amongst the fallout from the breaches, CEO Marissa Meyer resigned and gave employees her annual bonus as compensation from the breaches.

Yahoo was purchased by Verizon last year for an original offer of US$4.8 billion. After news of the breaches surfaced, Verizon slashed its purchase offer to $4.48 billion. The company turned Yahoo’s assets into units called Oath and Altaba.

Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.
Red Box gains compliance boost with new partnership
By partnering with Global Relay, voice platform provider Red Box is improving the security of its offerings for high-value and risk voice data.