Date
22 July 2019
A US judge has slammed Yahoo’s "history of nondisclosure and lack of transparency" in relation to data breaches. Photo: Reuters
A US judge has slammed Yahoo’s "history of nondisclosure and lack of transparency" in relation to data breaches. Photo: Reuters

US judge rejects Yahoo data breach settlement

A US judge rejected Yahoo’s proposed settlement with millions of people whose email addresses and other personal information were stolen in the largest data breach in history, faulting the Internet services provider for a lack of transparency, Reuters reports.

In a Monday night decision, US District Judge Lucy Koh in San Jose, California, said she could not declare the settlement “fundamentally fair, adequate and reasonable” because it did not say how much victims could expect to recover.

Yahoo, now part of Verizon Communications, was accused of being too slow to disclose three breaches from 2013 to 2016 that affected an estimated 3 billion accounts.

The settlement called for a US$50 million payout, plus two years of free credit monitoring for about 200 million people in the United States and Israel with nearly one billion accounts.

But the judge said the accord did not disclose the size of the settlement fund or the costs of the credit monitoring, and the proposed class may be too big because the number of “active” users that Yahoo disclosed privately to her was far lower.

Koh also said the maximum US$35 million of fees for the plaintiffs’ lawyers may be “unreasonably high,” saying the legal theories of the case were “not particularly novel.”

Verizon said: “While preliminary approval of the settlement was not granted, we’re confident that we can achieve a viable path forward.”

Koh contrasted her decision with her approval last August of health insurer Anthem Inc’s US$115 million settlement over data breaches affecting about 79 million victims.

The judge said Anthem, unlike Yahoo, timely disclosed the breaches, offered free credit monitoring even before settling, and committed to upgrading its data security.

“Yahoo’s history of nondisclosure and lack of transparency related to the data breaches are egregious,” Koh wrote.

“Unfortunately, the settlement agreement, proposed notice, motion for preliminary approval, and public and sealed supplemental filings continue this pattern of lack of transparency,” she added.

– Contact us at [email protected]

RC

EJI Weekly Newsletter

Please click here to unsubscribe