Yahoo has admitted to at least two data breaches, affecting more than 1.5 billion users. The company claims it was a “state-sponsored actor” that performed the attack, but stopped short of naming the country it believes to be involved.
Now, a lawsuit has been filed claiming the company endangered users and was negligent in failing to protect and inform consumers.
Why Data Breaches Matter
Every day, sensitive information is transmitted online. Yahoo and companies like it claim to provide security to users. When that security is breached, users are put at risk for identity theft and other problems.
According to the initial lawsuit filed against Yahoo, the company failed to safeguard users’ personal information, including names, passwords, email addresses, phone numbers, answers to security questions, and other sensitive data.
Furthermore, Yahoo is accused of not providing “timely, accurate, or adequate notice” of the breaches. And the lawsuit alleges Yahoo committed a breach of implied contract and violated California’s Unfair Competition Law, Business & Professions Code.
It took Yahoo two years after the 2014 breach occurred to alert users to the problem.
Yahoo One of Many Security Breaches
Yahoo seemed to be the first of many companies to fall victim to major security breaches in recent years.
In the fall of 2017, Equifax, one of the nation’s three major credit reporting agencies experienced a breach that lasted from mid-May through July of that same year. Hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for more than 200,000 people and dispute documents with personal identifying information for more than 180,000 people. The company claims users’ financial information had not been compromised.
The Equifax breach, and others like it, are not believed to be directly related to the Yahoo breach, but some believe the Yahoo breach could have triggered a chain reaction.
It’s possible tens or hundreds of thousands or more accounts could be hacked as a result of the information stolen in the Yahoo breach. Because hackers were able to gain access to so much sensitive information, it’s likely they’ll use it to gain access to other sites. Data shows that if only 0.1% of passwords stolen in the Yahoo breach are successfully used on other sites, it would be equivalent to another half a million breaches.
Yahoo Data Breach Lawsuit
According to the lawsuits filed against Yahoo, the company took far too long to identify the breach and alert users to the security risks. According to research cited in the lawsuit, the average time to identify a hack is 191 days and the average time to contain a breach is 58 days after it’s discovered. The company is accused of being “grossly negligent” and it’s believed that insiders at the company knew of the breach but failed to disclose anything had occurred.
At least one of the plaintiffs in the class action suit has already fallen victim to identity theft.
Despite claims by the company to the contrary, one of the lawsuits alleges that users’ financial information had been breached – at least indirectly. When so much personal information is stolen, it’s easy to then access financial information, thus causing a security breach. Yahoo is also accused of deception, misrepresentation, invasion of privacy, and negligence.
If you were affected by one of Yahoo’s security breaches, you could be eligible to participate in a class action lawsuit against the company. Every situation is different. Contact an attorney to learn whether you are eligible for compensation related to this or any other security breach that put you at risk.