Yahoo should pay $50 million in damages and provide two years of free credit-monitoring services due to the biggest security breach in history. The breach affected 200 million users whose email addresses and personal data were stolen.
The restitution lies on federal court approval of a settlement filed on Monday in a 2-year-old lawsuit seeking to hold Yahoo accountable for digital burglaries which occurred in 2013 and 2014 but weren’t disclosed until 2016. It is also due to the financial crash from a security flaw which lead to the end of the Yahoo’s existence as an independent company.
The issue was revealed by Yahoo after they had already negotiated a $4.83 billion deal to sell its digital services to Verizon Communications. After that, the company had to discount that price by $350 million to reflect its tarnished brand and the specter of other potential costs stemming from the security flaw. Now Verizon is to pay for one half of the settlement cost, while the other half is to be paid by Altaba Inc.
The security breach affected about 3 billion Yahoo accounts, including some linked to Russia by the FBI. According to the settlement reached in California, the court covers about 1 billion of those accounts held by an estimated 200 million people in the U.S. and Israel from 2012 through 2016.
Any eligible Yahoo account holder who suffered losses due to the security breach can claim for a portion of the $50 million fund. The costs include such things as identity theft, delayed tax refunds or other problems linked to having had personal information pilfered during the Yahoo break-ins.
According to the preliminary settlement, the $50 million fund will compensate Yahoo account holders at a rate of $25 per hour for time spent dealing with issues triggered by the security flaw.
The holders with documented losses can claim for up to 15 hours of lost time, or $375 in total. Those who can’t document losses can file claims for up to five hours, or $125. The holders who paid $20 to $50 annually for a premium email account will be eligible for a 25% refund.
The free credit monitoring service from AllClear could end up being the most valuable part of the settlement for most account holders. The lawyers representing the holders pegged the retail value of AllClear’s credit-monitoring service at $14.95 per month or about $359 for two years, however, it’s unlikely Yahoo to pay that rate.
The lawyers for Yahoo’s account holders praised the settlement as a positive outcome, given the uncertainty of what might have happened had the case headed to trial.
Estimates of damages caused by security breaches vary widely, with experts asserting the value of personal information held in email accounts can range from $1 to $8 per account. Those figures suggest that Yahoo could have faced a bill of more than $1 billion had it lost the case, however, they had disputed the damages estimates.
The hearing to approve the preliminary settlement is scheduled for Nov. 29, 2018. If approved, notices will be emailed to the affected account holders and published in People and National Geographic magazines.