Yahoo suffered major security breaches on two separate occasions in 2013 and 2014, affecting up to one billion users. However, the company only revealed the incidents in 2016, first in September of that year and then in December. Two years after reporting its biggest data scandal yet, Yahoo has agreed today to pay $50 million to the more than 200 million account holders who were affected by the attacks.
Those who paid for a premium email account from Yahoo will be able to claim a 25% refund while Yahoo account holders, in general, will be able to file for compensation at the rate of $25 per hour spent handling issues related to the breach. However, the amount of compensation claimed will be capped at $375 (15 hours) for those who have documented losses while those without such information can ask for up to $125 (five hours).
As part of a proposed settlement reached in court in San Francisco, the internet services company will also provide credit-monitoring services for free to those users. The breaches compromised their email addresses and other personal information, with Yahoo admitting late last year that the 2013 incident alone impacted three billion users.
The Associated Press noted that the Sunnyvale-based company confirmed the breaches only after it reached a $4.83 billion acquisition deal with Verizon Communications, though the transaction was put on hold earlier in 2017 after the U.S. Securities and Exchange Commission launched a probe into the security breach.
The hackers were believed to be state-sponsored, with the Federal Bureau of Investigation linking some of them to Russia. If you're one of those who fell victim to the breach, you will be eligible to claim a portion of the fund in restitution to identity theft, delayed tax refunds, and other related damages provided the preliminary settlement gains approval at federal court hearing currently scheduled for November 29.
Source: Associated Press