Yahoo has proposed a $117.5 million settlement to a class-action lawsuit involving multiple data breaches between 2013 and 2016. The company originally thought 1 billion people were affected by those breaches; it raised that number to 3 billion in October 2017. But the number of people who participated in the lawsuit is significantly lower, with Reuters today reporting that the settlement could be split between 194 million people.
The proposed settlement requires approval from U.S. District Judge Lucy Koh, who denied a previous offer because it wasn't “fundamentally fair, adequate and reasonable." Reuters said the new proposal is much more specific: it's offering "at least $55 million for victims’ out-of-pocket expenses and other costs, $24 million for two years of credit monitoring, up to $30 million for legal fees and up to $8.5 million for other expenses."
This settlement would also see Verizon, Yahoo's parent company, up its spending on security to $306 million between 2019 and 2022. Yahoo spent one-fifth that amount between 2013 and 2016. Verizon also said it would quadruple Yahoo's security staff in that timeframe to bolster its defenses and make sure it can better respond to breaches after they occur.
As a reminder, Verizon was originally supposed to acquire Yahoo for $4.83 billion, but the amount was reduced to $4.48 billion after Yahoo revealed more information about the breaches. It's not hard to guess why. Yahoo disclosed the largest data breach in history after it agreed to be acquired by Verizon. Verizon wrote off Yahoo's value in December 2018, and now it's going to have to spend hundreds of millions of dollars as part of this settlement.
That number could always rise, too, depending on whether or not Koh accepts the proposed settlement. One of the plaintiffs' lawyers already said $117.5 million is the "biggest common fund ever obtained in a data breach case," according to Reuters. But that doesn't mean it'll be enough. Compromising information about nearly 40 percent the global population shouldn't be taken lightly.
