Yahoo data breach lawsuit can proceed, US district court rules

By Erin Ayers on March 15, 2018

Yahoo users can proceed with their data breach lawsuit, according to a recent court order that allowed the plaintiffs to pursue negligence and breach of contract claims against the internet giant and its now-parent company Verizon.

US District Court Judge Lucy Koh agreed that plaintiffs had shown that they would have behaved differently with regards to their Yahoo email accounts.

Plaintiffs explained that, had they known about the inadequacy of these security measures, they “would have taken measures to protect themselves,” wrote Koh in her opinion. “Plaintiffs’ allegations are sufficient to show that they would have behaved differently had Defendants disclosed the security weaknesses of the Yahoo Mail system.”

Yahoo sought to dismiss the class action lawsuit in its entirety and succeeded in having portions of the lawsuit dismissed. Some of the remaining complaints in the suit will allow plaintiffs to sue for punitive damages for concealment of breaches incurred by Yahoo.

The lawsuits cover three data breaches that struck Yahoo between 2013 and 2016, affecting all three billion users of Yahoo’s email service. Plaintiffs argued that the internet firm had been repeatedly warned about its lax data security, including a 2012 security event intended, according to the court opinion, as “a wake-up call” to Yahoo over vulnerabilities in its system.

“Plaintiffs allege that ‘former Yahoo security staffers interviewed later told Reuters that requests made by Yahoo’s security team for new tools and features such as strengthened cryptography protections were, at times, rejected on the grounds that the requests would cost too much money, were too complicated, or were simply too low a priority,’” Koh noted in her opinion.

READ THE FULL STORY

This story in an excerpt of the original. The content originally appeared in Cyber Front Page News.
To read the full story, you must be a subscriber. If you are a subscriber, check your email for Cyber Front Page News on March 15, 2018.

eayers@advisen.com'

Erin is an editor at Advisen. She has 15 years of journalism experience. Prior to Advisen, Erin covered property-casualty insurance for 13 years as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at eayers@advisen.com.