Yahoo Data Breach: Judge Rules Users Can Sue Company Over Hack
A federal court judge on Friday ruled that a class action lawsuit can move forward against Yahoo over a number of massive data breaches that revealed the personal information of billions of users, Reuters reported.
The decision, made by U.S. District Judge Lucy Koh in San Jose, California, rejected an appeal from Verizon, which bought Yahoo last June, to dismiss many of the claims made against Yahoo in the lawsuit, including alleged negligence and breach of contract.
Judge Koh previously dismissed an earlier attempt by Yahoo to have the lawsuit thrown out, after the company claimed that the hacks it suffered were the result of advanced tactics by attackers rather than a failure of the company’s security protocols.
The lawsuit accuses Yahoo of failing to disclose to its users a series of three major data breaches that hit the company between 2013 and 2016. The breaches revealed a significant amount of personal information from those affected.
While Yahoo initially reported one billion users were exposed by one hack and 500 million exposed by another, the company revised its figures last year and disclosed that three billion users in total were put at risk as a result of the hacks.
The breaches exposed usernames and passwords used to login to Yahoo accounts to hackers. In some cases, telephone numbers and dates of birth were also exposed. Because the login information gave hackers access to victims’ email accounts, it is possible that other personal information contained in their email account may have been compromised, as well.
According to Judge Koh, the complaint filed by victims of the breach accurately reflects that many users likely would not have used Yahoo’s service to handle potentially sensitive information if they knew the company was so vulnerable to attack.
“Plaintiffs’ allegations are sufficient to show that they would have behaved differently had defendants disclosed the security weaknesses of the Yahoo Mail System,” Koh wrote in her decision, which was obtained by International Business Times.
The Justice Department in March 2017 indicted four Russian hackers who were involved in the 2014 hack of Yahoo. The indictments included two members of the Federal Security Service (FSB) — the Russian intelligence agency that was once headed by Russian President Vladimir Putin — and two criminal hackers allegedly hired by the Russian government.
© Copyright IBTimes 2024. All rights reserved.