Yahoo users can proceed with their data breach lawsuit, according to a recent court order that allowed the plaintiffs to pursue negligence and breach of contract claims against the internet giant and its now-parent company Verizon.
US District Court Judge Lucy Koh agreed that plaintiffs had shown that they would have behaved differently with regards to their Yahoo email accounts.
Plaintiffs explained that, had they known about the inadequacy of these security measures, they “would have taken measures to protect themselves,” wrote Koh in her opinion. “Plaintiffs’ allegations are sufficient to show that they would have behaved differently had Defendants disclosed the security weaknesses of the Yahoo Mail system.”
Yahoo sought to dismiss the class action lawsuit in its entirety and succeeded in having portions of the lawsuit dismissed. Some of the remaining complaints in the suit will allow plaintiffs to sue for punitive damages for concealment of breaches incurred by Yahoo.
The lawsuits cover three data breaches that struck Yahoo between 2013 and 2016, affecting all three billion users of Yahoo’s email service. Plaintiffs argued that the internet firm had been repeatedly warned about its lax data security, including a 2012 security event intended, according to the court opinion, as “a wake-up call” to Yahoo over vulnerabilities in its system.
“Plaintiffs allege that ‘former Yahoo security staffers interviewed later told Reuters that requests made by Yahoo’s security team for new tools and features such as strengthened cryptography protections were, at times, rejected on the grounds that the requests would cost too much money, were too complicated, or were simply too low a priority,’” Koh noted in her opinion.