According to data protection specialists, Yahoo is about to close a $117.5 million USD settlement to end the class action against them due to a series of security breaches that affected the company’s users between 2012 and 2016. If you operated a Yahoo account during that period, you are likely to be eligible to receive $100 USD or two years of free credit monitoring services.
For years, hackers were able to access the Yahoo accounts of millions of users, although they could not extract data. The class action was filed and Yahoo has finally reached a satisfactory settlement for the parties involved.
During the six years the breach remained active, various hackers performed some intrusions into the company’s systems. For example, in 2012 two hackers accessed Yahoo’s internal systems, although they took no information. A year later, another hacker group infiltrated the company’s databases, accessing the records of all Yahoo accounts (affecting about 3 billion users), data protection experts mention.
Now, the company has announced the agreement which, as in similar incident, offers affected parties some options to compensate for the inconveniences. Yahoo is offering two years of free credit monitoring services to all affected users. In the event that this offer is not convincing, the company is offering a $100 USD compensation to affected users, as long as they sign up for one of the free credit monitoring services available online, such as the popular Credit Karma.
Everything sounds too good to be true, so we have to clarify some points. The settlement figure is $117.5M USD, so the more people choose to receive money, the lower the amount they will receive. According to data protection specialists, something similar happened in the data breach agreement at Equifax, when those affected ended up receiving much less money than expected due to the high demand. Therefore, the Federal Trade Commission (FTC) has recommended that affected users opt for free monitoring services.
How to claim the benefit?
Any US or Israel resident who managed a Yahoo account between 2012 and 2016 can apply for compensation. To submit the application, users must visit the website that the company has put online for this purpose and complete the appropriate form for their case. In most cases, users must complete the single account holder form.
In very specific cases, users could seek compensation of up to $25k USD for loss of time and money from intrusions, although they will need to back up their claims with documentation and other evidence. Companies that contracted the Yahoo Mail Premium service will also be able to receive additional compensation, noted data protection specialists from the International Institute of Cyber Security (IICS). Yahoo will receive requests until July 20, 2020.