Yahoo will have to pay $50 million in damages as part of a settlement following massive data breaches in 2013 and 2014. The settlement was filed Monday.
In addition to paying $50 million, Yahoo will also have to provide at least two years of credit monitoring services for around 200 million people who had personal information such as names, email addresses and phone numbers stolen.
Yahoo’s 2013 breach affected 3 billion accounts, while the 2014 breach affected 500 million accounts. Both were disclosed in 2016. At the time, Yahoo said the 2013 hack affected 1 billion accounts, but that number was updated to all 3 billion in 2017. Hacked information included passwords that were encrypted, but which could be cracked.
Verizon, which acquired Yahoo in 2017, will pay half the settlement cost, while Altaba, the company formed from the ashes of Yahoo’s sale to Verizon, will pay the other half. In April, the US Securities and Exchange Commission said Altaba had to pay $35 million for Yahoo’s failure to disclose the breach in 2014.
A judge is scheduled to rule on the settlement on Nov. 29.
Yahoo declined to comment.
You can read the settlement here:
Yahoo Settlement by on Scribd