BreachExchange mailing list archives
Judge Allows Much Of Yahoo Breach Suit To Go Forward
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 12 Mar 2018 19:04:08 -0600
https://www.pymnts.com/legal/2018/yahoo-data-breach-identity-theft-lawsuit/ A U.S. district court in San Jose, California, ruled late last week that most of a lawsuit concerning Yahoo’s data breach, which exposed 3 billion users’ personal data, can proceed. According to news from Reuters, U.S. District Judge Lucy Koh dismissed an effort by Yahoo parent company Verizon Communications Inc. to get the claims tossed out, including allegations of negligence and breach of contract. The judge, according to Reuters, previously denied a bid by Yahoo to dismiss claims of unfair competition. Following the incident, Yahoo faced criticism that it was too slow to alert customers to the breach in data privacy that spanned three years, from 2013 to 2016. By not disclosing the fissure in its cybersecurity defenses sooner, the company increased the risk of identity theft for those who were impacted — not to mention the countless customers who had to freeze their credit and spend money on monitoring and protection services. The complaint on the part of Yahoo customers was amended in October after Yahoo disclosed the data breach impacted 3 billion users, triple its previous estimate. The amended complaint, said the judge according to Reuters, shows how important a role security plays in a customer’s decision to use Yahoo. “Plaintiffs’ allegations are sufficient to show that they would have behaved differently had defendants disclosed the security weaknesses of the Yahoo Mail System,” Koh wrote, according to Reuters. The judge also ruled the plaintiffs can attempt to show that liability limits in the terms of service at Yahoo were “unconscionable,” given allegations that Yahoo knew there were security shortcomings but didn’t do much to address them. Back in Oct. 2017, Yahoo announced its 2013 security breach exposed all 3 billion of its users. According to news from Bloomberg Technology at the time, Yahoo obtained the new information after Verizon acquired it for $4.5 billion. Initially, Yahoo only revealed that 1 billion accounts had been compromised. The stolen information didn’t include passwords in clear text, payment data or bank account information.
_______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Judge Allows Much Of Yahoo Breach Suit To Go Forward Audrey McNeil (Mar 13)