Yahoo worldwide class action lawsuit looming on the horizon

Although there are multiple lawsuits being made against Yahoo, the technology company may face a worldwide class action.

Back in August 2013, Yahoo reportedly compromised more than 1 billion accounts making it “one of the biggest data breaches in digital history”. It was reported that an “unauthorised party” hacked into the email accounts. Yahoo have since theorised that the hacks were “state-sponsored”.

Complaints

The 71-page consolidated complaint “re Yahoo! Inc. Customer Data Security Breach Litigation” alleges that the users “suffered actual harm” as a result of the data breach.

This includes suffering from:

  • False tax returns filed in their names
  • Fraudulent activity on their credit cards and bank account
  • Having their government benefits stolen
  • Spam and unwarranted emails sent to their Yahoo accounts

The effects of the data breach

Millions of individuals were affected by the colossal data breach. One man in particular, Brian Neff, the owner of an online insurance company, said that his credit card details were stolen in the cyber-hack, which led to numerous fraudulent activities on his account. He paid Yahoo thousands of dollars for their web-hosting and small-business email services, and in return was a victim of identity theft.

Basis of the claims

The complaints against Yahoo were made on the basis of three different legislations:

  • Federal stored communications act
  • California consumer protection laws
  • State breach of contract claim

Inaction

The complaint alleges that Yahoo did nothing to protect its cybersecurity even after they found out about the breach. It notes incidents dating as far back as 2003. When they learned of the breach, the argument is that they should’ve critically reviewed their vulnerabilities, but instead Yahoo reportedly left their security vulnerabilities wide-open for more than a decade.

The complaint is looking to create a class of Israeli, Venezuelan, Australian, Spanish and U.S. consumers. There’s also a separate class action for small business owners who allegedly had to spend thousands of dollars to increase their cybersecurity as a direct result of the breach.

Legal representatives

Yahoo is represented by Hunton & Williams LLP, and the complainants are being represented by multiple law firms. A number of law firms in the U.S. reportedly fought to be ‘lead lawyers’ in the Yahoo litigation.

District Judge Lucy Koh chose Morgan & Morgan to be the leaders in the litigation due to Yanchunis’ “Knowledge and experience in prosecuting complex litigation, including class actions, data breach, and/or privacy cases” amongst other reasons.

John Yanchunis’ knowledge and experience may have been a deciding factor for Judge Koh as he and Morgan & Morgan have previously litigated on two big data breach class actions; Home Depot Inc. which was settled for $13 million (£10 million) and Target Corporation which was settled for $10 million (£7.8 million)

It’s time that lax data controllers are held firmly accountable for their inaction. Their failure to enforce cybersecurity compromised millions of individuals’ personal data; it’s time they pay the price.

Word of advice

Brian Krebs, a security researcher, has been “urging friends and family to migrate off of Yahoo email, mainly because the company appeared to fall far behind its peers in blocking spam and other email-based attacks”. Brian also noted that Yahoo’s security features, such as secret questions, can have the reverse effect of keeping an account secure, and can actually weaken it.

Brian has stuck by his recommendation for years.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a Callback from our team!

Fill out our quick call back form below and we’ll contact you when you’re ready to talk to us.
All fields marked * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.