In one of the biggest class-action lawsuit settlements in the United States history, Yahoo Inc. has agreed to pay US$ 117.5 million over a series of data breaches that affected its users between 2012 and 2016. The affected users will likely get US$ 100 in compensation or two years of credit monitoring services for free.
Yahoo urged the Settlement Class Members to claim for the reimbursement. In case users already hold credit monitoring services, they can opt for cash payment, which is less than US$ 100 or more (up to US$ 358) per user, depending on how many users are claiming for the settlement, Yahoo said in a statement.
According to Yahoo, anyone who had a Yahoo account between January 1, 2012, and December 31, 2016, and is a resident of the United States or Israel is eligible for the settlement.
“You may additionally provide documentation or proof to receive reimbursement of up to $25,000.00 in out-of-pocket losses, including lost time, that you believe you suffered or are suffering because of the Data Breaches. As to documented lost time, you can receive payment for up to 15 hours of time at an hourly rate of $25.00 per hour or unpaid time off work at your actual hourly rate, whichever is greater. If your lost time is not documented, you can receive payment for up to five hours at that same rate,” the statement added.
In December 2016, Yahoo had admitted that more than one billion accounts were compromised in the infamous 2013 breach. However, the company later revealed that all three billion company’s accounts were compromised.
The hack exposed user account information, which includes name, email address, hashed passwords, birthdays, phone numbers, and, in some cases, encrypted or unencrypted security questions and answers. However, the company’s investigation confirmed that credit card and bank account data was not hacked in the breach.
In a post titled, “Yahoo 2013 Account Security Update FAQs”, the company said, “Yahoo is providing notice to additional user accounts affected by an August 2013 theft of user data previously announced by the company in December 2016. This is not a new security issue. In 2016, Yahoo previously took action to protect all user accounts”.