US judge rules that Yahoo must face litigation by data breach customers
Yahoo customers could have protected themselves if it hadn't taken so long to notify them of the breach
A US judge has stated that Yahoo must face litigation from users who had their personal information revealed in three data breaches.
Judge Lucy Koh, based in San Jose, California, made the decision, reported by Reuters, which will be a setback for Verizon as it now owns Yahoo under an umbrella called Oath.
The data breaches took place between 2013 and 2016 but Yahoo is being criticised as it took time to notifiy its customers about them.
Judge Lucy Koh said victims could pursue some breach of contract and unfair competition claims.
"All plaintiffs have alleged a risk of future identity theft, in addition to loss of value of their personal identification information," she wrote.
Koh highlighted that some of the victims could have changed their passwords or canceled their accounts to protect themselves if Yahoo had not taken so long in letting them know about the breaches.
John Yanchunis, a lawyer for the plaintiffs, told Reuters: "We believe it to be a significant victory for consumers, and will address the deficiencies the court pointed out."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"It's the biggest data breach in the history of the world," he added.
IT Pro has contacted Oath and Verizon for comment, the former declined to comment on litigation.
Yahoo had multiple data breaches between 2013 and 2016 which led to customers suing the company because their personal details were stolen. In a 2014 breach, names, email addresses, phone numbers and encrypted passwords of Yahoo users had been stolen.
Due to the data breaches, Verizon was able to knock $350 million off its acquisition of Yahoo. It also stipulated that Yahoo is responsible for 50% of any cash liabilities incurred as a result of investigations into the breach.
Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.