Follow Slashdot stories on Twitter


Forgot your password?
Yahoo! Security The Courts United States

Data Breach Victims Can Sue Yahoo in the United States, Federal Judge Rules ( 13

Yahoo has been ordered by a federal judge to face much of a lawsuit in the United States claiming that the personal information of all 3 billion users was compromised in a series of data breaches. From a report: In a decision on Friday night, U.S. District Judge Lucy Koh in San Jose, California rejected a bid by Verizon Communications, which bought Yahoo's Internet business last June, to dismiss many claims, including for negligence and breach of contract. Koh dismissed some other claims. She had previously denied Yahoo's bid to dismiss some unfair competition claims.

[...] The plaintiffs amended their complaint after Yahoo last October revealed that the 2013 breach affected all 3 billion users, tripling its earlier estimate. Koh said the amended complaint highlighted the importance of security in the plaintiffs' decision to use Yahoo. 'Plaintiffs' allegations are sufficient to show that they would have behaved differently had defendants disclosed the security weaknesses of the Yahoo Mail System," Koh wrote. She also said the plaintiffs could try to show that liability limits in Yahoo's terms of service were "unconscionable," given the allegations that Yahoo knew its security was deficient but did little.

Data Breach Victims Can Sue Yahoo in the United States, Federal Judge Rules

Comments Filter:
  • by OffTheLip ( 636691 ) on Monday March 12, 2018 @03:12PM (#56248315)
    After enjoying personal data giveaways by Anthem, Home Depot, LinkedIn, the federal government, Target and Equifax I find the Yahoo breach to be laughable. ymmv.
  • by 8127972 ( 73495 ) on Monday March 12, 2018 @03:29PM (#56248381)

    ..... That if you factor in the number of people who were affected by this and the potential cash that could be extracted from Verizon as they are now left holding the bag, this is going to get settled out of court pretty quickly as fighting this and losing is going to get expensive in a hurry and even Verizon doesnâ(TM)t have that kind of cash. The question is, how long will that take to happen.

  • by FeelGood314 ( 2516288 ) on Monday March 12, 2018 @04:40PM (#56248737)
    Yahoo treated security as just an expense and an inconvenience. They gave security lips service but when some new shiny tool came along security was always the last thing slapped on at the end. Except I can't just say that about Yahoo, I can say it about just about every company.* Even if individuals in organizations care about security it really doesn't make sense to invest time and money to make things secure. Just role the dice and hope for the best. Make money now and then apologies later. From society's standpoint maybe that's what we want. A few tens of thousands of people might have been badly inconvenienced by yahoo's lack of diligence. Are we, as a society willing to pay more for our goods and services to make them more secure? I think most of us are willing to put up with the crappy security and just hope we aren't one of the victims. So let yahoo get away with it and not pay anything. It's not like equifax paid that much of a fine.

    *Note: I am a security expert, I do consulting, I get paid very well but I'm almost always frustrated. Every morning I wake up and I'm amazed the lights still come on.
  • how about equifax (Score:4, Insightful)

    by jmccue ( 834797 ) on Monday March 12, 2018 @05:57PM (#56249153) Homepage

    Well that is all well and good, I can sue yahoo for email I hardly ever use and created with made up data ages ago :) the yahoo breach means nothing to me.

    What about Equifax, they should be sued into oblivion including the board members. Far more damaging information was released in that breach to the point I now say "who cares about good passwords now, everything about you is now out in the wild", including stuff you do not know.

  • That is almost 1 out of every 2 people on earth. They might have had 3 billion 'accounts', but how many of them were throw aways that people kept creating and discarding for various questionable purposes. I would guess legitimate accounts will drop 2+ zeros from that total. Verifiable accounts, those where the owner will respond back, would drop 2+ more zeros.
    • Considered properly, it's not just Yahoo's users, it's everyone who has corresponded via e-mail with someone who used a Yahoo mail address (and maybe including and mail addresses), because those relationships have now (for some years) been mined by spammers, and now those folks are getting spam that at first glance appears to come from the user of the Yahoo mail address (same personal name in From: header, albeit now with different e-mail address).

grep me no patterns and I'll tell you no lines.